Linux Analysis Report
jzyKEkkDsV.elf

Overview

General Information

Sample name: jzyKEkkDsV.elf
renamed because original name is a hash value
Original sample name: 1ab49b94c76ab804db1775b59a5c96f73fd9d32d568ec0a6b38a5dd8a82ddf0b.elf
Analysis ID: 1561524
MD5: 95fb146676b2f03b928e5286bdb51cf3
SHA1: 020ce2d2a369621dc827350a422eb18382bd9bba
SHA256: 1ab49b94c76ab804db1775b59a5c96f73fd9d32d568ec0a6b38a5dd8a82ddf0b
Infos:

Detection

Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample tries to kill a massive number of system processes
Yara detected Mirai
Reads system files that contain records of logged in users
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Searches for VM related strings in files or piped streams (probably for evasion)
Creates hidden files and/or directories
Deletes log files
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "ps" command used to list the status of processes
Executes the "rm" command used to delete files or directories
Found strings indicative of a multi-platform dropper
Reads CPU information from /proc indicative of miner or evasive malware
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Reads system version information
Reads the 'hosts' file potentially containing internal network hosts
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Mirai Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: jzyKEkkDsV.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: jzyKEkkDsV.elf ReversingLabs: Detection: 56%
Reads CPU information from /proc indicative of miner or evasive malware
Source: /usr/lib/xorg/Xorg (PID: 5272) Reads CPU info from proc file: /proc/cpuinfo Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6504) Reads CPU info from proc file: /proc/cpuinfo
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Reads CPU info from proc file: /proc/cpuinfo
Source: /usr/lib/xorg/Xorg (PID: 7443) Reads CPU info from proc file: /proc/cpuinfo
Source: /usr/lib/xorg/Xorg (PID: 7926) Reads CPU info from proc file: /proc/cpuinfo
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Reads CPU info from proc file: /proc/cpuinfo
Reads CPU information from /sys indicative of miner or evasive malware
Source: /usr/lib/xorg/Xorg (PID: 5272) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6504) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service (PID: 6795) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/xorg/Xorg (PID: 7443) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/xorg/Xorg (PID: 7926) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service (PID: 8036) Reads CPU info from /sys: /sys/devices/system/cpu/online
Found strings indicative of a multi-platform dropper
Source: jzyKEkkDsV.elf String: EOF/proc//proc/%s/cmdlinewgetcurlftpechokillbashrebootshutdownhaltpoweroff[locker] killed process: %s ;; pid: %d
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.20:37116 -> 89.190.156.145:7733
Source: global traffic TCP traffic: 192.168.2.20:52898 -> 154.216.16.109:33966
Reads the 'hosts' file potentially containing internal network hosts
Source: /usr/sbin/rsyslogd (PID: 4982) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5840) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6122) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6229) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7208) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7598) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7721) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7792) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 8174) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 8300) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 8423) Reads hosts file: /etc/hosts
Sample listens on a socket
Source: /usr/lib/xorg/Xorg (PID: 5272) Socket: <unknown socket type> Jump to behavior
Source: /usr/bin/gnome-keyring-daemon (PID: 5838) Socket: <unknown socket type> Jump to behavior
Source: /usr/sbin/sshd (PID: 5456) Socket: 0.0.0.0:22 Jump to behavior
Source: /usr/sbin/sshd (PID: 5456) Socket: [::]:22 Jump to behavior
Source: /usr/sbin/sshd (PID: 5908) Socket: 0.0.0.0:22
Source: /usr/sbin/sshd (PID: 5908) Socket: [::]:22
Source: /usr/sbin/sshd (PID: 6213) Socket: 0.0.0.0:22
Source: /usr/sbin/sshd (PID: 6213) Socket: [::]:22
Source: /lib/systemd/systemd (PID: 6334) Socket: <unknown socket type>
Source: /usr/lib/xorg/Xorg (PID: 6504) Socket: <unknown socket type>
Source: /usr/bin/gnome-keyring-daemon (PID: 6670) Socket: <unknown socket type>
Source: /usr/bin/dbus-daemon (PID: 6684) Socket: <unknown socket type>
Source: /usr/bin/dbus-daemon (PID: 6716) Socket: <unknown socket type>
Source: /sbin/upstart (PID: 6769) Socket: <unknown socket type>
Source: /usr/bin/pulseaudio (PID: 6937) Socket: <unknown socket type>
Source: /usr/sbin/sshd (PID: 7167) Socket: 0.0.0.0:22
Source: /usr/sbin/sshd (PID: 7167) Socket: [::]:22
Source: /usr/lib/xorg/Xorg (PID: 7443) Socket: <unknown socket type>
Source: /usr/sbin/sshd (PID: 7589) Socket: 0.0.0.0:22
Source: /usr/sbin/sshd (PID: 7589) Socket: [::]:22
Source: /usr/sbin/sshd (PID: 7711) Socket: 0.0.0.0:22
Source: /usr/sbin/sshd (PID: 7711) Socket: [::]:22
Source: /usr/sbin/sshd (PID: 7884) Socket: 0.0.0.0:22
Source: /usr/sbin/sshd (PID: 7884) Socket: [::]:22
Source: /lib/systemd/systemd (PID: 7889) Socket: <unknown socket type>
Source: /usr/lib/xorg/Xorg (PID: 7926) Socket: <unknown socket type>
Source: /usr/bin/gnome-keyring-daemon (PID: 7986) Socket: <unknown socket type>
Source: /usr/bin/dbus-daemon (PID: 7991) Socket: <unknown socket type>
Source: /usr/bin/dbus-daemon (PID: 8002) Socket: <unknown socket type>
Source: /sbin/upstart (PID: 8028) Socket: <unknown socket type>
Source: /usr/bin/pulseaudio (PID: 8090) Socket: <unknown socket type>
Source: /usr/sbin/sshd (PID: 8268) Socket: 0.0.0.0:22
Source: /usr/sbin/sshd (PID: 8268) Socket: [::]:22
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: global traffic DNS traffic detected: DNS query: ksdjwi.eye-network.ru
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: x-0.log.596.dr, x-0.log.728.dr, x-0.log.390.dr, Xorg.0.log.728.dr, x-0.log.127.dr, Xorg.0.log.390.dr, Xorg.0.log.596.dr, Xorg.0.log.127.dr String found in binary or memory: http://wiki.x.org
Source: syslog.649.dr, syslog.629.dr, syslog.541.dr, syslog.933.dr, syslog.1005.dr, syslog.862.dr, syslog.63.dr, syslog.307.dr, syslog.243.dr, syslog.666.dr, syslog.329.dr String found in binary or memory: http://www.rsyslog.com
Source: syslog.649.dr, syslog.629.dr, syslog.541.dr, syslog.933.dr, syslog.1005.dr, syslog.862.dr, syslog.63.dr, syslog.307.dr, syslog.243.dr, syslog.666.dr, syslog.329.dr String found in binary or memory: http://www.rsyslog.com/e/2007
Source: syslog.649.dr, syslog.629.dr, syslog.541.dr, syslog.933.dr, syslog.1005.dr, syslog.862.dr, syslog.63.dr, syslog.307.dr, syslog.243.dr, syslog.666.dr, syslog.329.dr String found in binary or memory: http://www.rsyslog.com/e/2039
Source: syslog.649.dr, syslog.629.dr, syslog.541.dr, syslog.933.dr, syslog.1005.dr, syslog.862.dr, syslog.63.dr, syslog.307.dr, syslog.243.dr, syslog.666.dr, syslog.329.dr String found in binary or memory: http://www.rsyslog.com/e/2222
Source: x-0.log.596.dr, x-0.log.728.dr, x-0.log.390.dr, Xorg.0.log.728.dr, x-0.log.127.dr, Xorg.0.log.390.dr, Xorg.0.log.596.dr, Xorg.0.log.127.dr String found in binary or memory: http://www.ubuntu.com/support)

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: jzyKEkkDsV.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 4685.1.00007f6eb2686000.00007f6eb26b5000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: jzyKEkkDsV.elf PID: 4685, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Sample tries to kill a massive number of system processes
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 2, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 3, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 5, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 6, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 7, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 8, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 9, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 10, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 11, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 12, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 13, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 14, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 15, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 16, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 17, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 18, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 19, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 20, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 21, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 22, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 23, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 24, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 28, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 29, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 30, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 31, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 47, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 48, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 49, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 50, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 51, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 52, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 53, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 54, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 55, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 56, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 57, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 58, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 59, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 60, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 66, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 67, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 80, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 81, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 151, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 152, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 153, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 154, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 155, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 156, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 157, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 158, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 159, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 161, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 167, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 169, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 171, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 174, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 178, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 179, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 182, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 183, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 186, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 187, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 190, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 191, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 193, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 195, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 197, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 199, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 201, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 203, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 205, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 207, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 209, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 210, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 211, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 212, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 213, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 214, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 215, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 216, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 217, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 218, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 219, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 220, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 221, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 222, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 223, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 224, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 225, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 226, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 227, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 228, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 229, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 230, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 231, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 232, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 233, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 234, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 235, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 236, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 237, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 238, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 239, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 240, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 241, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 266, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 269, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 270, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 271, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 288, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 293, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 367, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 400, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 428, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 429, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 471, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 479, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 494, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 502, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 527, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 533, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 552, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 562, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 564, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 565, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 566, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 567, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 611, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent to PID below 1000: pid: 980, result: successful Jump to behavior
Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 3, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 9, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 10, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 11, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 12, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 13, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 14, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 15, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 16, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 17, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 18, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 19, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 20, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 21, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 22, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 23, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 24, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 28, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 29, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 30, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 31, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 47, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 48, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 49, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 50, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 51, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 52, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 53, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 54, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 55, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 56, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 57, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 58, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 59, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 60, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 66, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 67, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 80, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 81, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 151, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 152, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 153, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 154, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 155, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 156, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 157, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 158, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 159, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 161, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 167, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 169, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 171, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 174, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 178, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 179, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 182, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 183, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 186, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 187, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 190, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 191, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 193, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 195, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 197, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 199, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 201, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 203, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 205, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 207, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 209, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 210, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 211, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 212, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 213, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 214, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 215, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 216, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 217, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 218, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 219, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 220, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 221, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 222, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 223, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 224, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 225, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 226, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 227, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 228, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 229, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 230, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 231, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 232, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 233, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 234, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 235, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 236, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 237, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 238, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 239, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 240, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 241, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 266, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 269, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 270, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 271, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 288, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 293, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 367, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 400, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 428, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 429, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 471, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 479, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 494, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 502, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 527, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 533, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 552, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 562, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 564, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 565, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 566, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 567, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 611, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 980, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1010, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1017, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1018, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1027, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1031, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1039, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1051, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1076, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1113, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1120, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1317, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1321, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1338, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1339, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1346, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1391, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1398, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1423, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1559, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1633, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1645, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1649, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1654, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1656, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1724, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1726, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1767, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1774, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1775, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1787, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1792, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1794, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1805, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1820, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1831, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1835, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1841, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1845, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1847, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1848, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1850, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1855, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1859, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1860, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1862, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1866, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1868, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1874, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1886, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1887, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1891, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1917, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1918, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1923, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1930, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1932, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1941, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1942, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1944, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1971, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1974, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1975, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1976, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1977, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1978, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1983, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1984, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2002, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2030, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2054, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2059, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2065, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2076, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2085, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2087, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2096, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2101, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2108, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2110, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2120, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2149, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2157, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2235, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2619, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2643, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2645, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2649, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2651, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2710, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4609, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4629, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4631, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4636, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4697, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4699, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4739, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4770, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4864, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4901, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4944, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4982, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5456, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5474, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5770, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5780, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5811, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5840, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5841, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5869, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5869, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4719, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6150, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4763, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6104, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6156, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6192, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6193, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6213, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6222, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6223, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6226, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6229, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6242, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6254, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6280, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6309, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6311, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7132, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7146, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7167, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7197, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7208, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7314, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6344, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6344, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7086, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7086, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7526, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7556, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7572, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7589, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7598, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7625, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6334, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7754, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7755, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7792, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7795, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7798, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7799, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7814, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7816, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7849, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7868, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7870, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7884, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8159, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8174, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8181, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8224, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8229, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7890, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7890, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8192, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8192, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8268, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8288, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8300, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8307, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8321, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8333, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8422, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8423, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8430, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8439, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8453, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8462, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8473, result: successful Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6695) SIGKILL sent: pid: 6732, result: successful
Source: /usr/bin/dbus-daemon (PID: 6695) SIGKILL sent: pid: 6873, result: successful
Source: /usr/bin/dbus-daemon (PID: 6695) SIGKILL sent: pid: 7053, result: successful
Source: /usr/bin/dbus-daemon (PID: 6716) SIGKILL sent: pid: 6723, result: successful
Source: /usr/bin/dbus-daemon (PID: 7993) SIGKILL sent: pid: 8006, result: successful
Source: /usr/bin/dbus-daemon (PID: 7993) SIGKILL sent: pid: 8061, result: successful
Source: /usr/bin/dbus-daemon (PID: 7993) SIGKILL sent: pid: 8128, result: successful
Source: /usr/bin/dbus-daemon (PID: 8002) SIGKILL sent: pid: 8003, result: successful
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Source: Initial sample String containing 'busybox' found: BusyBox
Source: Initial sample String containing 'busybox' found: BusyBoxps:/proc/%d/exe[killer/exe] killed process: %s ;; pid: %d
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Sample tries to kill a process (SIGKILL)
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 3, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 9, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 10, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 11, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 12, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 13, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 14, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 15, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 16, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 17, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 18, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 19, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 20, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 21, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 22, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 23, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 24, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 28, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 29, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 30, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 31, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 47, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 48, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 49, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 50, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 51, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 52, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 53, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 54, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 55, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 56, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 57, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 58, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 59, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 60, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 66, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 67, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 80, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 81, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 151, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 152, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 153, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 154, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 155, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 156, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 157, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 158, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 159, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 161, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 167, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 169, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 171, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 174, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 178, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 179, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 182, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 183, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 186, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 187, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 190, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 191, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 193, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 195, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 197, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 199, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 201, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 203, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 205, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 207, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 209, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 210, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 211, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 212, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 213, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 214, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 215, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 216, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 217, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 218, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 219, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 220, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 221, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 222, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 223, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 224, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 225, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 226, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 227, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 228, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 229, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 230, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 231, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 232, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 233, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 234, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 235, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 236, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 237, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 238, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 239, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 240, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 241, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 266, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 269, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 270, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 271, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 288, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 293, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 367, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 400, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 428, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 429, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 471, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 479, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 494, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 502, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 527, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 533, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 552, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 562, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 564, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 565, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 566, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 567, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 611, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 980, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1010, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1017, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1018, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1027, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1031, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1039, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1051, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1076, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1113, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1120, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1317, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1321, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1338, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1339, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1346, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1391, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1398, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1423, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1559, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1633, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1645, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1649, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1654, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1656, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1724, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1726, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1767, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1774, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1775, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1787, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1792, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1794, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1805, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1820, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1831, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1835, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1841, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1845, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1847, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1848, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1850, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1855, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1859, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1860, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1862, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1866, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1868, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1874, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1886, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1887, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1891, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1917, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1918, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1923, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1930, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1932, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1941, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1942, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1944, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1971, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1974, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1975, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1976, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1977, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1978, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1983, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 1984, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2002, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2030, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2054, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2059, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2065, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2076, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2085, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2087, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2096, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2101, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2108, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2110, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2120, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2149, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2157, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2235, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2619, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2643, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2645, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2649, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2651, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 2710, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4609, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4629, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4631, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4636, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4697, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4699, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4739, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4770, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4864, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4901, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4944, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4982, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5456, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5474, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5770, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5780, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5811, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5840, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5841, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5869, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 5869, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4719, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6150, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 4763, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6104, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6156, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6192, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6193, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6213, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6222, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6223, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6226, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6229, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6242, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6254, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6280, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6309, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6311, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7132, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7146, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7167, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7197, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7208, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7314, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6344, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6344, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7086, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7086, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7526, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7556, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7572, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7589, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7598, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7625, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 6334, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7754, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7755, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7792, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7795, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7798, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7799, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7814, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7816, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7849, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7868, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7870, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7884, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8159, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8174, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8181, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8224, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8229, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7890, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 7890, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8192, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8192, result: no such process Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8268, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8288, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8300, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8307, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8321, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8333, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8422, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8423, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8430, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8439, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8453, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8462, result: successful Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 4695) SIGKILL sent: pid: 8473, result: successful Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6695) SIGKILL sent: pid: 6732, result: successful
Source: /usr/bin/dbus-daemon (PID: 6695) SIGKILL sent: pid: 6873, result: successful
Source: /usr/bin/dbus-daemon (PID: 6695) SIGKILL sent: pid: 7053, result: successful
Source: /usr/bin/dbus-daemon (PID: 6716) SIGKILL sent: pid: 6723, result: successful
Source: /usr/bin/dbus-daemon (PID: 7993) SIGKILL sent: pid: 8006, result: successful
Source: /usr/bin/dbus-daemon (PID: 7993) SIGKILL sent: pid: 8061, result: successful
Source: /usr/bin/dbus-daemon (PID: 7993) SIGKILL sent: pid: 8128, result: successful
Source: /usr/bin/dbus-daemon (PID: 8002) SIGKILL sent: pid: 8003, result: successful
Yara signature match
Source: jzyKEkkDsV.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 4685.1.00007f6eb2686000.00007f6eb26b5000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: jzyKEkkDsV.elf PID: 4685, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine Classification label: mal100.spre.troj.evad.linELF@0/456@106/0

Persistence and Installation Behavior
barindex
Sample reads /proc/mounts (often used for finding a writable filesystem)
Source: /usr/bin/dbus-daemon (PID: 4901) File: /proc/4901/mounts Jump to behavior
Source: /bin/fusermount (PID: 4915) File: /proc/4915/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5811) File: /proc/5811/mounts
Source: /usr/bin/dbus-daemon (PID: 6016) File: /proc/6016/mounts
Source: /usr/bin/dbus-daemon (PID: 6193) File: /proc/6193/mounts
Source: /usr/bin/dbus-daemon (PID: 6684) File: /proc/6684/mounts
Source: /bin/fusermount (PID: 6753) File: /proc/6753/mounts
Source: /bin/fusermount (PID: 7105) File: /proc/7105/mounts
Source: /usr/bin/dbus-daemon (PID: 6716) File: /proc/6716/mounts
Source: /usr/bin/dbus-daemon (PID: 7146) File: /proc/7146/mounts
Source: /usr/bin/dbus-daemon (PID: 7556) File: /proc/7556/mounts
Source: /usr/bin/dbus-daemon (PID: 7678) File: /proc/7678/mounts
Source: /usr/bin/dbus-daemon (PID: 7849) File: /proc/7849/mounts
Source: /usr/bin/dbus-daemon (PID: 7991) File: /proc/7991/mounts
Source: /bin/fusermount (PID: 8015) File: /proc/8015/mounts
Source: /bin/fusermount (PID: 8220) File: /proc/8220/mounts
Source: /usr/bin/dbus-daemon (PID: 8002) File: /proc/8002/mounts
Source: /usr/bin/dbus-daemon (PID: 8229) File: /proc/8229/mounts
Source: /usr/bin/dbus-daemon (PID: 8333) File: /proc/8333/mounts
Source: /usr/bin/dbus-daemon (PID: 8473) File: /proc/8473/mounts
Creates hidden files and/or directories
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:33697qQXRjI Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:33794EDBjfJ Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:33956VaEQqO Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:341373pHthU Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:34207uSEWg0 Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:34324mPL6K6 Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:34557LTBTPd Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:34560fAOiWk Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:34734qEuIgs Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:34851obxrXz Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:34966vIs99H Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:35146EKHijR Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:352290bnlx0 Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:35523oh8ZQb Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:35652tyM5ao Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:357401Z5vKA Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:36159sfdhnY Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:36449vwztWz Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:36535E9RE2b Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:36618FmwqbO Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:367355e6Ryq Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:36833mOYV82 Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:37014yqGI4F Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:37162f5duGj Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:372431ArXkX Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:37336Nyoi7A Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:37419O7ZGWe Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:37549eBRY4S Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:37638ZDuhgx Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:37744r6MSAb Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:378734kAUcQ Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:37963DmvWRu Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:38041gTrtz9 Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:38262BbNezO Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) File: /run/systemd/journal/streams/.#8:38374oL1hUt Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 4780) Directory: /home/james/.Xauthority Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/seats/.#seat0i2QEew Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/users/.#1000N91pSD Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/users/.#1000MFf0wL Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/sessions/.#c2wCwVcT Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/users/.#1000YYmVS0 Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/seats/.#seat08AoZy8 Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/users/.#1000yZkfrg Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/sessions/.#c2cvjO9t Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/users/.#1000cqYrSH Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/users/.#110QklCpY Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/users/.#110pvLDXe Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/seats/.#seat06pOFyv Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/users/.#1100JsMaM Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/sessions/.#c2xOsTN2 Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/users/.#1000QCn3qj Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/sessions/.#c1IT7f4z Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/users/.#110uzzvHQ Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 4943) File: /run/systemd/seats/.#seat0XkAYl7 Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5030) Directory: /root/.cache Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 5084) Directory: /root/.cache Jump to behavior
Source: /usr/sbin/lightdm (PID: 5231) Directory: /root/.cache Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 5272) File: /tmp/.tX0-lock Jump to behavior
Source: /usr/sbin/lightdm (PID: 5628) Directory: /var/lib/lightdm/.Xauthority Jump to behavior
Source: /usr/bin/gnome-keyring-daemon (PID: 5838) Directory: /var/lib/lightdm/.cache Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 5666) Directory: /home/james/.Xauthority Jump to behavior
Source: /usr/sbin/lightdm (PID: 6101) Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40213zcmQcl
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40218Uqokg4
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:402192jrEkN
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40225Y7hDqw
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40231bl3uxf
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40237zJwuFY
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40244gqf2TH
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:402498irA9q
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:402563Lm8pa
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40257zqIUGT
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40258qFWTXC
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40259LLo5em
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:402603msrw5
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40411mksK2V
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40748HMAE2B
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40750OszE2h
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40762qMTx5X
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:407640IgC8D
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:40964sHmlol
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:409664sgaE2
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:41187FZM1lL
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:414320pOsqw
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:414343rn0uh
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:41575Owa8Ta
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:41743gJBFI4
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:41827eniCFY
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:41936IqnjSS
Source: /lib/systemd/systemd-journald (PID: 6222) File: /run/systemd/journal/streams/.#8:42022GPY39M
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/seats/.#seat0w881W2
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/users/.#1000486YrJ
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/users/.#1000SljXXp
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/users/.#110ojUhu6
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/users/.#110ZRc61M
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/sessions/.#c1e816zt
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/users/.#110l7Ra89
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/seats/.#seat0IzvhGQ
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/sessions/.#c2x32Lfx
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/users/.#1000uiHjPd
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/seats/.#seat0eXbUoU
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/users/.#1000gj83gC
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/seats/.#seat0RcbOro
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/users/.#110CsEfDa
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/sessions/.#c1Jg6cPW
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/sessions/.#c3C4Pe1I
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/users/.#110lOIkdv
Source: /lib/systemd/systemd-logind (PID: 6280) File: /run/systemd/seats/.#seat0ojHuph
Source: /usr/sbin/lightdm (PID: 6465) Directory: /root/.cache
Source: /usr/lib/xorg/Xorg (PID: 6504) File: /tmp/.tX0-lock
Source: /usr/sbin/lightdm (PID: 6617) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/sbin/lightdm (PID: 6617) File: /var/lib/lightdm/.Xauthority
Source: /usr/bin/gnome-keyring-daemon (PID: 6670) Directory: /var/lib/lightdm/.cache
Source: /usr/bin/dbus-launch (PID: 6673) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/bin/dbus-launch (PID: 6673) Directory: /var/lib/lightdm/.dbus
Source: /usr/lib/gvfs/gvfsd (PID: 6733) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/gvfs/gvfsd (PID: 6733) Directory: /var/lib/lightdm/.gvfs
Source: /usr/lib/gvfs/gvfsd-fuse (PID: 6746) Directory: /var/lib/lightdm/.gvfs
Source: /usr/lib/gvfs/gvfsd-fuse (PID: 6746) Directory: /var/lib/lightdm/.cache
Source: /bin/fusermount (PID: 6753) Directory: .
Source: /usr/bin/gnome-screensaver (PID: 6876) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/bin/gnome-screensaver (PID: 6876) Directory: /var/lib/lightdm/.Xdefaults
Source: /usr/bin/gnome-screensaver (PID: 6876) Directory: /var/lib/lightdm/.Xdefaults-ubuntu
Source: /usr/bin/gnome-screensaver (PID: 6876) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/bin/gnome-screensaver (PID: 6876) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/dconf/dconf-service (PID: 7054) Directory: /var/lib/lightdm/.cache
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Directory: /var/lib/lightdm/.drirc
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Directory: /var/lib/lightdm/.Xdefaults
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Directory: /var/lib/lightdm/.Xdefaults-ubuntu
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Directory: /home/james/.face
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/at-spi2-core/at-spi-bus-launcher (PID: 6704) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/at-spi2-core/at-spi-bus-launcher (PID: 6704) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/at-spi2-core/at-spi-bus-launcher (PID: 6704) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/at-spi2-core/at-spi2-registryd (PID: 6724) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/at-spi2-core/at-spi2-registryd (PID: 6724) Directory: /var/lib/lightdm/.Xauthority
Source: /sbin/upstart (PID: 6769) Directory: /var/lib/lightdm/.init
Source: /sbin/upstart (PID: 6769) Directory: /var/lib/lightdm/.cache
Source: /sbin/upstart (PID: 6769) Directory: /var/lib/lightdm/.config
Source: /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service (PID: 6789) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/x86_64-linux-gnu/indicator-bluetooth/indicator-bluetooth-service (PID: 6790) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service (PID: 6791) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service (PID: 6792) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 6793) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 6793) Directory: /var/lib/lightdm/.Xdefaults
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 6793) Directory: /var/lib/lightdm/.Xdefaults-ubuntu
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 6793) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 6793) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 6793) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service (PID: 6794) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service (PID: 6794) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service (PID: 6794) Directory: /var/lib/lightdm/.cache
Source: /usr/bin/pulseaudio (PID: 6896) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service (PID: 6795) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6524) Directory: /root/.cache
Source: /usr/lib/policykit-1/polkitd (PID: 6536) Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:42210qtjwiz
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:42287WNTa2u
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:42452orCgwr
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:425565sOzbo
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:42667Jpj6bl
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:42768C82yji
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:42878GNZ2yf
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:42963WY0JRc
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:43076Bk42oa
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:43170Yqqy87
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:433506OUQi6
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:43413Jor0u4
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:43544SDefT2
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:43661JiNGS1
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:43738Fq6hU0
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:438138tDTZZ
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:439666lHDdZ
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:44094Q7EaSY
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:44225TPZdxZ
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:44284Bw8vc0
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:44393fCgG10
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:44510txKLj2
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:44596JWa4M3
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:44688DMLnl5
Source: /lib/systemd/systemd-journald (PID: 7177) File: /run/systemd/journal/streams/.#8:44779UJdq66
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/seats/.#seat052O13t
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/users/.#1000mNQeor
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/users/.#1000WEPQIo
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/users/.#110V19M3l
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/users/.#1100M0vpj
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/sessions/.#c1EUtoLg
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/users/.#1104p5j7d
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/seats/.#seat0sgEitb
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/sessions/.#c3o7JRP8
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/users/.#110lZVCc6
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/seats/.#seat0s74wz3
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/sessions/.#c2a8wMW0
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/users/.#10004MrakY
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/seats/.#seat050GGHV
Source: /lib/systemd/systemd-logind (PID: 7355) File: /run/systemd/users/.#1000xhXa6S
Source: /usr/sbin/lightdm (PID: 7398) Directory: /root/.cache
Source: /usr/lib/xorg/Xorg (PID: 7443) File: /tmp/.tX0-lock
Source: /usr/lib/accountsservice/accounts-daemon (PID: 7460) Directory: /root/.cache
Source: /usr/lib/policykit-1/polkitd (PID: 7476) Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46449pa2EWk
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46467NyGLgq
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46474wnbEBv
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46479F1qgXA
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46480nvjNjG
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46481rpJYHL
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46493NZJv6Q
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:4649442ggvW
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46501fgKeU1
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46503MTSnj7
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46504QBXDIc
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46505tll17h
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46506OfAvxn
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46507ztU6Ws
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46508TBnPmy
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46634MLHdRL
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46918MyYpuN
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46920NamK7O
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46928hE7JOQ
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:46930v92RvS
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:47071DvmVkV
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:470734k459X
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:47263Dnf9e2
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:47459NFbtr8
Source: /lib/systemd/systemd-journald (PID: 7754) File: /run/systemd/journal/streams/.#8:47461lehSDe
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/seats/.#seat0B2WRKq
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/users/.#1000VJ2llu
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/users/.#1000jW52Yx
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/users/.#110bYdDDB
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/users/.#110XdKliF
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/sessions/.#c3Wlb9WI
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/users/.#110d1nZBM
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/seats/.#seat0m5iSgQ
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/sessions/.#c2LCwKWT
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/users/.#1000wtGFCX
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/seats/.#seat0PPFDi1
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/sessions/.#c1GrMd14
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/users/.#1103nZQJ8
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/seats/.#seat0MB3wsc
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/users/.#1000PPF9qg
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/seats/.#seat0Z790Rn
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/users/.#11069rnjv
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/sessions/.#c1iqKbLC
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/sessions/.#c4pyY2cK
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/users/.#110OkZWER
Source: /lib/systemd/systemd-logind (PID: 7816) File: /run/systemd/seats/.#seat0JNOT6Y
Source: /usr/sbin/lightdm (PID: 7912) Directory: /tmp/.X0-lock
Source: /usr/sbin/lightdm (PID: 7912) Directory: /root/.cache
Source: /usr/lib/xorg/Xorg (PID: 7926) File: /tmp/.tX0-lock
Source: /usr/lib/xorg/Xorg (PID: 7926) Directory: /tmp/.X0-lock
Source: /usr/sbin/lightdm (PID: 7973) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/sbin/lightdm (PID: 7973) File: /var/lib/lightdm/.Xauthority
Source: /usr/bin/gnome-keyring-daemon (PID: 7986) Directory: /var/lib/lightdm/.cache
Source: /usr/bin/dbus-launch (PID: 7989) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/bin/dbus-launch (PID: 7989) Directory: /var/lib/lightdm/.dbus
Source: /usr/lib/gvfs/gvfsd (PID: 8007) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/gvfs/gvfsd-fuse (PID: 8014) Directory: /var/lib/lightdm/.gvfs
Source: /usr/lib/gvfs/gvfsd-fuse (PID: 8014) Directory: /var/lib/lightdm/.cache
Source: /bin/fusermount (PID: 8015) Directory: .
Source: /usr/bin/gnome-screensaver (PID: 8067) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/bin/gnome-screensaver (PID: 8067) Directory: /var/lib/lightdm/.Xdefaults
Source: /usr/bin/gnome-screensaver (PID: 8067) Directory: /var/lib/lightdm/.Xdefaults-ubuntu
Source: /usr/bin/gnome-screensaver (PID: 8067) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/bin/gnome-screensaver (PID: 8067) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/dconf/dconf-service (PID: 8129) Directory: /var/lib/lightdm/.cache
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Directory: /var/lib/lightdm/.drirc
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Directory: /var/lib/lightdm/.Xdefaults
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Directory: /var/lib/lightdm/.Xdefaults-ubuntu
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Directory: /home/james/.face
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/at-spi2-core/at-spi-bus-launcher (PID: 7996) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/at-spi2-core/at-spi-bus-launcher (PID: 7996) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/at-spi2-core/at-spi-bus-launcher (PID: 7996) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/at-spi2-core/at-spi2-registryd (PID: 8004) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/at-spi2-core/at-spi2-registryd (PID: 8004) Directory: /var/lib/lightdm/.Xauthority
Source: /sbin/upstart (PID: 8028) Directory: /var/lib/lightdm/.init
Source: /sbin/upstart (PID: 8028) Directory: /var/lib/lightdm/.cache
Source: /sbin/upstart (PID: 8028) Directory: /var/lib/lightdm/.config
Source: /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service (PID: 8030) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/x86_64-linux-gnu/indicator-bluetooth/indicator-bluetooth-service (PID: 8031) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service (PID: 8032) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service (PID: 8033) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 8034) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 8034) Directory: /var/lib/lightdm/.Xdefaults
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 8034) Directory: /var/lib/lightdm/.Xdefaults-ubuntu
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 8034) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 8034) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 8034) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service (PID: 8035) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service (PID: 8035) Directory: /var/lib/lightdm/.cache
Source: /usr/bin/pulseaudio (PID: 8075) Directory: /var/lib/lightdm/.Xauthority
Source: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service (PID: 8036) Directory: /var/lib/lightdm/.cache
Source: /usr/lib/accountsservice/accounts-daemon (PID: 7936) Directory: /root/.cache
Source: /usr/lib/policykit-1/polkitd (PID: 7948) Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:478306Zs1lE
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:47835A5LS8X
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:47855tGGp2h
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:480191R2C2C
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:48099ydQGLY
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:48217vNde6k
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:482992WyiVH
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:48432AwmB54
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:48530MVH5ms
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:48628fj1W3P
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:48716OlXz1d
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:48799NiE52B
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:48882gxtLb0
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:48962DFrdno
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:49047ZEzkBM
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:49139xfFsTa
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:49322TxAHEz
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:49407XSZkGY
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:49495BAaQJn
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:49608c6BgVM
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:4971272TCrc
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:498330Dq4jC
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:49912BnATe2
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:5003518jtis
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:50119kTBKnS
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:50236BhDxFi
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:503782fW10I
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:50452SF8rp9
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:50528HcU2Pz
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:50601ZBQVj0
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:50694y2tgTq
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:50787ksIuwR
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:50940it0unu
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:51196H1f3DN
Source: /lib/systemd/systemd-journald (PID: 8142) File: /run/systemd/journal/streams/.#8:51270tOdfW6
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/seats/.#seat0a0lqhM
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/users/.#110WdbiJ8
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/users/.#1109xdEbv
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/users/.#10009QxrER
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/users/.#1000kfWT7d
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/sessions/.#c45o1wBA
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/users/.#110KdCc5W
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/seats/.#seat09IJUyj
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/sessions/.#c33Cod3F
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/users/.#110VeAyx2
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/seats/.#seat0fogW1o
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/sessions/.#c2j5h8wL
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/users/.#1000fjZm27
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/seats/.#seat0hL2Dxu
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/sessions/.#c16Z0m3Q
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/users/.#110Flrezd
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/seats/.#seat0oHl84z
Source: /lib/systemd/systemd-logind (PID: 8198) File: /run/systemd/users/.#1000KAUhCW
Source: /usr/sbin/lightdm (PID: 8278) Directory: /root/.cache
Source: /usr/sbin/lightdm (PID: 8389) Directory: /root/.cache
Enumerates processes within the "proc" file system
Source: /bin/ps (PID: 6311) File opened: /proc/4691/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/4691/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/4691/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/4695/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/4695/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/4695/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/190/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/190/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/190/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/191/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/191/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/191/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/193/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/193/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/193/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6193/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6193/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6193/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/195/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/195/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/195/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6192/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6192/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6192/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/197/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/197/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/197/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/230/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/230/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/230/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/231/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/231/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/231/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/199/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/199/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/199/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/232/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/232/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/232/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/233/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/233/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/233/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/234/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/234/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/234/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/4609/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/4609/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/4609/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/235/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/235/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/235/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/236/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/236/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/236/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/237/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/237/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/237/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/479/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/479/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/479/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/238/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/238/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/238/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/239/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/239/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/239/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6226/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6226/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6226/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6229/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6229/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6229/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/10/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/10/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/10/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/11/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/11/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/11/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/12/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/12/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/12/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/13/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/13/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/13/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/14/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/14/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/14/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6242/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6242/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/6242/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/15/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/15/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/15/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/16/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/16/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/16/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/17/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/17/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/17/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/18/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/18/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/18/cmdline Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/19/stat Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/19/status Jump to behavior
Source: /bin/ps (PID: 6311) File opened: /proc/19/cmdline Jump to behavior
Executes commands using a shell command-line interpreter
Source: /tmp/jzyKEkkDsV.elf (PID: 4697) Shell command executed: sh -c "ps -e -o pid,args=" Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 6309) Shell command executed: sh -c "ps -e -o pid,args=" Jump to behavior
Source: /tmp/jzyKEkkDsV.elf (PID: 7868) Shell command executed: sh -c "ps -e -o pid,args=" Jump to behavior
Source: /usr/share/language-tools/language-options (PID: 5310) Shell command executed: sh -c "locale -a | grep -F .utf8 " Jump to behavior
Source: /lib/systemd/systemd (PID: 5214) Shell command executed: /bin/sh -c "[ \"$(basename $(cat /etc/X11/default-display-manager 2>/dev/null))\" = \"lightdm\" ]" Jump to behavior
Source: /lib/systemd/systemd (PID: 6069) Shell command executed: /bin/sh -c "[ \"$(basename $(cat /etc/X11/default-display-manager 2>/dev/null))\" = \"lightdm\" ]"
Source: /lib/systemd/systemd (PID: 6442) Shell command executed: /bin/sh -c "[ \"$(basename $(cat /etc/X11/default-display-manager 2>/dev/null))\" = \"lightdm\" ]"
Source: /usr/share/language-tools/language-options (PID: 6938) Shell command executed: sh -c "locale -a | grep -F .utf8 "
Source: /usr/share/language-tools/language-options (PID: 7012) Shell command executed: sh -c "locale -a | grep -F .utf8 "
Source: /usr/share/language-tools/language-options (PID: 6562) Shell command executed: sh -c "locale -a | grep -F .utf8 "
Source: /lib/systemd/systemd (PID: 7392) Shell command executed: /bin/sh -c "[ \"$(basename $(cat /etc/X11/default-display-manager 2>/dev/null))\" = \"lightdm\" ]"
Source: /usr/share/language-tools/language-options (PID: 7502) Shell command executed: sh -c "locale -a | grep -F .utf8 "
Source: /lib/systemd/systemd (PID: 7907) Shell command executed: /bin/sh -c "[ \"$(basename $(cat /etc/X11/default-display-manager 2>/dev/null))\" = \"lightdm\" ]"
Source: /usr/share/language-tools/language-options (PID: 8097) Shell command executed: sh -c "locale -a | grep -F .utf8 "
Source: /usr/share/language-tools/language-options (PID: 8111) Shell command executed: sh -c "locale -a | grep -F .utf8 "
Source: /usr/share/language-tools/language-options (PID: 7962) Shell command executed: sh -c "locale -a | grep -F .utf8 "
Source: /lib/systemd/systemd (PID: 8273) Shell command executed: /bin/sh -c "[ \"$(basename $(cat /etc/X11/default-display-manager 2>/dev/null))\" = \"lightdm\" ]"
Source: /lib/systemd/systemd (PID: 8370) Shell command executed: /bin/sh -c "[ \"$(basename $(cat /etc/X11/default-display-manager 2>/dev/null))\" = \"lightdm\" ]"
Executes the "grep" command used to find patterns in files or piped streams
Source: /bin/dash (PID: 5012) Grep executable: /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf Jump to behavior
Source: /bin/dash (PID: 5046) Grep executable: /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf Jump to behavior
Source: /bin/dash (PID: 5071) Grep executable: /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf Jump to behavior
Source: /bin/dash (PID: 5091) Grep executable: /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf Jump to behavior
Source: /bin/dash (PID: 5118) Grep executable: /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf Jump to behavior
Source: /bin/sh (PID: 5314) Grep executable: /bin/grep -> grep -F .utf8 Jump to behavior
Source: /bin/dash (PID: 5896) Grep executable: /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 5918) Grep executable: /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 5938) Grep executable: /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 5951) Grep executable: /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 5965) Grep executable: /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 6278) Grep executable: /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 6308) Grep executable: /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 6346) Grep executable: /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 6367) Grep executable: /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 6382) Grep executable: /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/sh (PID: 6947) Grep executable: /bin/grep -> grep -F .utf8
Source: /bin/sh (PID: 7014) Grep executable: /bin/grep -> grep -F .utf8
Source: /bin/sh (PID: 6569) Grep executable: /bin/grep -> grep -F .utf8
Source: /bin/dash (PID: 7227) Grep executable: /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7259) Grep executable: /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7271) Grep executable: /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7288) Grep executable: /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7299) Grep executable: /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/sh (PID: 7507) Grep executable: /bin/grep -> grep -F .utf8
Source: /bin/dash (PID: 7854) Grep executable: /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7874) Grep executable: /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7882) Grep executable: /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7888) Grep executable: /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7896) Grep executable: /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/sh (PID: 8100) Grep executable: /bin/grep -> grep -F .utf8
Source: /bin/sh (PID: 8113) Grep executable: /bin/grep -> grep -F .utf8
Source: /bin/sh (PID: 7964) Grep executable: /bin/grep -> grep -F .utf8
Source: /bin/dash (PID: 8240) Grep executable: /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8242) Grep executable: /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8244) Grep executable: /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8246) Grep executable: /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8248) Grep executable: /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8343) Grep executable: /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8345) Grep executable: /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8347) Grep executable: /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8349) Grep executable: /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8351) Grep executable: /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8461) Grep executable: /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8479) Grep executable: /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Executes the "ps" command used to list the status of processes
Source: /bin/sh (PID: 4699) Ps executable: /bin/ps -> ps -e -o pid,args= Jump to behavior
Source: /bin/sh (PID: 6311) Ps executable: /bin/ps -> ps -e -o pid,args= Jump to behavior
Source: /bin/sh (PID: 7870) Ps executable: /bin/ps -> ps -e -o pid,args= Jump to behavior
Executes the "rm" command used to delete files or directories
Source: /usr/sbin/lightdm (PID: 5337) Rm executable: /bin/rm -> /bin/rm -rf /var/lib/lightdm-data/lightdm Jump to behavior
Source: /usr/sbin/lightdm (PID: 6584) Rm executable: /bin/rm -> /bin/rm -rf /var/lib/lightdm-data/lightdm
Source: /usr/sbin/lightdm (PID: 7525) Rm executable: /bin/rm -> /bin/rm -rf /var/lib/lightdm-data/lightdm
Reads system information from the proc file system
Source: /bin/ps (PID: 4699) Reads from proc file: /proc/meminfo Jump to behavior
Source: /bin/ps (PID: 6311) Reads from proc file: /proc/meminfo Jump to behavior
Source: /bin/ps (PID: 7870) Reads from proc file: /proc/meminfo Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 5272) Reads from proc file: /proc/cpuinfo Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6280) Reads from proc file: /proc/meminfo
Source: /usr/lib/xorg/Xorg (PID: 6504) Reads from proc file: /proc/cpuinfo
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Reads from proc file: /proc/cpuinfo
Source: /usr/lib/xorg/Xorg (PID: 7443) Reads from proc file: /proc/cpuinfo
Source: /lib/systemd/systemd-logind (PID: 7816) Reads from proc file: /proc/meminfo
Source: /usr/lib/xorg/Xorg (PID: 7926) Reads from proc file: /proc/cpuinfo
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Reads from proc file: /proc/cpuinfo
Reads system version information
Source: /sbin/agetty (PID: 5474) Reads version info: /etc/issue Jump to behavior
Source: /sbin/agetty (PID: 6192) Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7814) Reads version info: /etc/issue
Source: /sbin/agetty (PID: 8354) Reads version info: /etc/issue
Sample tries to set the executable flag
Source: /usr/sbin/lightdm (PID: 5231) File: /var/lib/lightdm-data/lightdm (bits: - usr: - grp: rwx all: rwx) Jump to behavior
Source: /usr/sbin/lightdm (PID: 6465) File: /var/lib/lightdm-data/lightdm (bits: - usr: - grp: rwx all: rwx)
Source: /usr/bin/pulseaudio (PID: 6937) File: /tmp/pulse-PKdhtXMmr18n/native (bits: - usr: rwx grp: rwx all: rwx)
Source: /usr/sbin/lightdm (PID: 7912) File: /var/lib/lightdm-data/lightdm (bits: - usr: - grp: rwx all: rwx)
Source: /usr/bin/pulseaudio (PID: 8090) File: /tmp/pulse-PKdhtXMmr18n/native (bits: - usr: rwx grp: rwx all: rwx)
Source: /usr/bin/gpu-manager (PID: 4978) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 4982) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 4982) Log file created: /var/log/kern.log
Source: /usr/sbin/lightdm (PID: 5231) Log file created: /var/log/lightdm/lightdm.log
Source: /usr/lib/xorg/Xorg (PID: 5272) Log file created: /var/log/lightdm/x-0.log
Source: /usr/lib/xorg/Xorg (PID: 5272) Log file created: /var/log/Xorg.0.log
Source: /usr/sbin/lightdm (PID: 5628) Log file created: /var/log/lightdm/seat0-greeter.log
Source: /usr/sbin/rsyslogd (PID: 5840) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5840) Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 5872) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/lightdm (PID: 6101) Log file created: /var/log/lightdm/lightdm.log
Source: /usr/sbin/rsyslogd (PID: 6122) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6229) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6229) Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 6242) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/lightdm (PID: 6465) Log file created: /var/log/lightdm/lightdm.log
Source: /usr/lib/xorg/Xorg (PID: 6504) Log file created: /var/log/lightdm/x-0.log
Source: /usr/lib/xorg/Xorg (PID: 6504) Log file created: /var/log/Xorg.0.log
Source: /usr/sbin/lightdm (PID: 6617) Log file created: /var/log/lightdm/seat0-greeter.log
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Log file created: /var/log/lightdm/seat0-greeter.log
Source: /usr/lib/at-spi2-core/at-spi-bus-launcher (PID: 6704) Log file created: /var/log/lightdm/seat0-greeter.log
Source: /usr/bin/dbus-daemon (PID: 6716) Log file created: /var/log/lightdm/seat0-greeter.log
Source: /sbin/upstart (PID: 6769) Log file created: /var/lib/lightdm/.cache/upstart/indicator-sound.log
Source: /sbin/upstart (PID: 6769) Log file created: /var/lib/lightdm/.cache/upstart/indicator-messages.log
Source: /sbin/upstart (PID: 6769) Log file created: /var/log/lightdm/seat0-greeter.log
Source: /sbin/upstart (PID: 6769) Log file created: /var/lib/lightdm/.cache/upstart/indicator-bluetooth.log
Source: /usr/sbin/rsyslogd (PID: 7208) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7208) Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 7209) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/lightdm (PID: 7398) Log file created: /var/log/lightdm/lightdm.log
Source: /usr/lib/xorg/Xorg (PID: 7443) Log file created: /var/log/lightdm/x-0.log
Source: /usr/lib/xorg/Xorg (PID: 7443) Log file created: /var/log/Xorg.0.log
Source: /usr/sbin/rsyslogd (PID: 7598) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7598) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7721) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7792) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7792) Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 7799) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/lightdm (PID: 7912) Log file created: /var/log/lightdm/lightdm.log
Source: /usr/lib/xorg/Xorg (PID: 7926) Log file created: /var/log/lightdm/x-0.log Jump to dropped file
Source: /usr/lib/xorg/Xorg (PID: 7926) Log file created: /var/log/Xorg.0.log Jump to dropped file
Source: /usr/sbin/lightdm (PID: 7973) Log file created: /var/log/lightdm/seat0-greeter.log
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Log file created: /var/log/lightdm/seat0-greeter.log
Source: /usr/lib/at-spi2-core/at-spi-bus-launcher (PID: 7996) Log file created: /var/log/lightdm/seat0-greeter.log
Source: /usr/bin/dbus-daemon (PID: 8002) Log file created: /var/log/lightdm/seat0-greeter.log
Source: /sbin/upstart (PID: 8028) Log file created: /var/lib/lightdm/.cache/upstart/indicator-sound.log Jump to dropped file
Source: /sbin/upstart (PID: 8028) Log file created: /var/lib/lightdm/.cache/upstart/indicator-messages.log Jump to dropped file
Source: /sbin/upstart (PID: 8028) Log file created: /var/lib/lightdm/.cache/upstart/indicator-session.log Jump to dropped file
Source: /sbin/upstart (PID: 8028) Log file created: /var/log/lightdm/seat0-greeter.log Jump to dropped file
Source: /sbin/upstart (PID: 8028) Log file created: /var/lib/lightdm/.cache/upstart/indicator-bluetooth.log Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 8174) Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 8236) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/lightdm (PID: 8278) Log file created: /var/log/lightdm/lightdm.log
Source: /usr/sbin/rsyslogd (PID: 8300) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 8300) Log file created: /var/log/auth.log Jump to dropped file
Source: /usr/bin/gpu-manager (PID: 8339) Log file created: /var/log/gpu-manager.log Jump to dropped file
Source: /usr/sbin/lightdm (PID: 8389) Log file created: /var/log/lightdm/lightdm.log Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 8423) Log file created: /var/log/kern.log Jump to dropped file

Hooking and other Techniques for Hiding and Protection
barindex
Sample deletes itself
Source: /tmp/jzyKEkkDsV.elf (PID: 4691) File: /tmp/jzyKEkkDsV.elf Jump to behavior

Malware Analysis System Evasion
barindex
Searches for VM related strings in files or piped streams (probably for evasion)
Source: /bin/dash (PID: 5012) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf Jump to behavior
Source: /bin/dash (PID: 5046) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf Jump to behavior
Source: /bin/dash (PID: 5071) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf Jump to behavior
Source: /bin/dash (PID: 5091) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf Jump to behavior
Source: /bin/dash (PID: 5118) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf Jump to behavior
Source: /bin/dash (PID: 5896) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 5918) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 5938) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 5951) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 5965) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 6278) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 6308) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 6346) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 6367) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 6382) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7227) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7259) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7271) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7288) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7299) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7854) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7874) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7882) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7888) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 7896) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8240) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8242) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8244) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8246) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8248) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8343) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8345) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8347) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8349) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8351) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8461) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Source: /bin/dash (PID: 8479) Grep searching for VM related keyword(s): /bin/grep -> grep -G ^blacklist.*fglrx[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist-watchdog.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/fbdev-blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mlx4.conf /etc/modprobe.d/qemu-system-x86.conf /etc/modprobe.d/vmwgfx-fbdev.conf
Deletes log files
Source: /usr/bin/gpu-manager (PID: 4978) Truncated file: /var/log/gpu-manager.log Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 5272) Truncated file: /var/log/Xorg.0.log Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5872) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6242) Truncated file: /var/log/gpu-manager.log
Source: /usr/lib/xorg/Xorg (PID: 6504) Truncated file: /var/log/Xorg.0.log
Source: /usr/bin/gpu-manager (PID: 7209) Truncated file: /var/log/gpu-manager.log
Source: /usr/lib/xorg/Xorg (PID: 7443) Truncated file: /var/log/Xorg.0.log
Source: /usr/bin/gpu-manager (PID: 7799) Truncated file: /var/log/gpu-manager.log
Source: /usr/lib/xorg/Xorg (PID: 7926) Truncated file: /var/log/Xorg.0.log
Source: /usr/bin/gpu-manager (PID: 8236) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 8339) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 8453) Truncated file: /var/log/gpu-manager.log
Reads CPU information from /proc indicative of miner or evasive malware
Source: /usr/lib/xorg/Xorg (PID: 5272) Reads CPU info from proc file: /proc/cpuinfo Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6504) Reads CPU info from proc file: /proc/cpuinfo
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Reads CPU info from proc file: /proc/cpuinfo
Source: /usr/lib/xorg/Xorg (PID: 7443) Reads CPU info from proc file: /proc/cpuinfo
Source: /usr/lib/xorg/Xorg (PID: 7926) Reads CPU info from proc file: /proc/cpuinfo
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Reads CPU info from proc file: /proc/cpuinfo
Reads CPU information from /sys indicative of miner or evasive malware
Source: /usr/lib/xorg/Xorg (PID: 5272) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 6504) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service (PID: 6795) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/xorg/Xorg (PID: 7443) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/xorg/Xorg (PID: 7926) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service (PID: 8036) Reads CPU info from /sys: /sys/devices/system/cpu/online
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/jzyKEkkDsV.elf (PID: 4685) Queries kernel information via 'uname': Jump to behavior
Source: /bin/ps (PID: 4699) Queries kernel information via 'uname': Jump to behavior
Source: /bin/ps (PID: 6311) Queries kernel information via 'uname': Jump to behavior
Source: /bin/ps (PID: 7870) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 4719) Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 4780) Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service (PID: 4781) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/gpu-manager (PID: 4978) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 4982) Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service (PID: 5152) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/lightdm (PID: 5231) Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/xorg/Xorg (PID: 5272) Queries kernel information via 'uname': Jump to behavior
Source: /sbin/agetty (PID: 5474) Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 5666) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5840) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 5872) Queries kernel information via 'uname':
Source: /usr/sbin/lightdm (PID: 6101) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6122) Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6192) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6222) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6229) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6242) Queries kernel information via 'uname':
Source: /usr/sbin/lightdm (PID: 6465) Queries kernel information via 'uname':
Source: /usr/lib/xorg/Xorg (PID: 6504) Queries kernel information via 'uname':
Source: /usr/bin/dbus-launch (PID: 6673) Queries kernel information via 'uname':
Source: /usr/bin/gnome-screensaver (PID: 6876) Queries kernel information via 'uname':
Source: /usr/sbin/lightdm-gtk-greeter (PID: 6696) Queries kernel information via 'uname':
Source: /usr/lib/at-spi2-core/at-spi-bus-launcher (PID: 6704) Queries kernel information via 'uname':
Source: /usr/lib/at-spi2-core/at-spi2-registryd (PID: 6724) Queries kernel information via 'uname':
Source: /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service (PID: 6791) Queries kernel information via 'uname':
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 6793) Queries kernel information via 'uname':
Source: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service (PID: 6794) Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 6896) Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 6937) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7177) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7208) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7209) Queries kernel information via 'uname':
Source: /usr/sbin/lightdm (PID: 7398) Queries kernel information via 'uname':
Source: /usr/lib/xorg/Xorg (PID: 7443) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7598) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7721) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7754) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7792) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7799) Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7814) Queries kernel information via 'uname':
Source: /usr/sbin/lightdm (PID: 7912) Queries kernel information via 'uname':
Source: /usr/lib/xorg/Xorg (PID: 7926) Queries kernel information via 'uname':
Source: /usr/bin/dbus-launch (PID: 7989) Queries kernel information via 'uname':
Source: /usr/bin/gnome-screensaver (PID: 8067) Queries kernel information via 'uname':
Source: /usr/sbin/lightdm-gtk-greeter (PID: 7994) Queries kernel information via 'uname':
Source: /usr/lib/at-spi2-core/at-spi-bus-launcher (PID: 7996) Queries kernel information via 'uname':
Source: /usr/lib/at-spi2-core/at-spi2-registryd (PID: 8004) Queries kernel information via 'uname':
Source: /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service (PID: 8032) Queries kernel information via 'uname':
Source: /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service (PID: 8034) Queries kernel information via 'uname':
Source: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service (PID: 8035) Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 8075) Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 8090) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 8142) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 8174) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 8236) Queries kernel information via 'uname':
Source: /usr/sbin/lightdm (PID: 8278) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 8300) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 8339) Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 8354) Queries kernel information via 'uname':
Source: /usr/sbin/lightdm (PID: 8389) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 8423) Queries kernel information via 'uname':
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opts_set_defaults
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.650] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.975] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.883] (II) vmware(0): Modeline "640x480"x85.0 36.00 640 696 752 832 480 481 484 509 -hsync -vsync (43.3 kHz d)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.541] (II) vmware(0): Not using default mode "320x200" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.990] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.679] (**) vmware(0): Default mode "800x600": 50.0 MHz, 48.1 kHz, 72.2 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.533] (--) vmware(0): bpp: 32
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opt_foreach
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.995] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.467] (II) vmware(0): Not using default mode "320x200" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.726] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.098] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event2)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.979] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.173] (--) evdev: VirtualPS/2 VMware VMMouse: Vendor 0x2 Product 0x13
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/disas.c
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.714] (II) vmware(0): Initialized VMware Xinerama extension.
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.842] (**) vmware(0): Default mode "1024x768": 75.0 MHz, 56.5 kHz, 70.1 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.114] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.022] (**) vmware(0): Default mode "800x600": 49.5 MHz, 46.9 kHz, 75.0 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.582] (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.613] (II) vmware(0): Not using default mode "1600x1024" (insufficient memory for mode)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.827] (II) config/udev: Adding input device VMware VMware Virtual USB Mouse (/dev/input/event4)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.647] (**) vmware(0): Virtual size is 800x600 (pitch 1176)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: usage: qemu-mips [options] program [arguments...]
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: print this helpQEMU_GDBwait gdb connection to 'port'QEMU_LD_PREFIXQEMU_STACK_SIZEQEMU_CPUmodelQEMU_SET_ENVvar=valueQEMU_UNSET_ENVQEMU_ARGV0argv0QEMU_UNAMEunameQEMU_GUEST_BASEQEMU_RESERVED_VAQEMU_LOGitem[,...]QEMU_LOG_FILENAMElogfileQEMU_PAGESIZEpagesizesinglestepQEMU_SINGLESTEPrun in singlestep modestracelog system callsseedQEMU_VERSION/etc/qemu-binfmt/mips
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.092] (--) evdev: VMware VMware Virtual USB Mouse: Vendor 0xe0f Product 0x3
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.092] (--) evdev: VMware VMware Virtual USB Mouse: Found scroll wheel(s)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.615] (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.520] (II) vmware(0): Modeline "800x600"x75.0 49.50 800 816 896 1056 600 601 604 625 +hsync +vsync (46.9 kHz d)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.999] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.088] (II) LoadModule: "vmware"
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /usr/lib/x86_64-linux-gnu/qemu
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_strtosz_suffix
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.465] (==) vmware(0): RGB weight 888
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.589] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.687] (**) vmware(0): Default mode "640x480": 25.2 MHz, 31.5 kHz, 59.9 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.822] (**) vmware(0): Default mode "1152x864": 96.8 MHz, 63.0 kHz, 70.0 Hz
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.510] (II) vmware(0): Modeline "1152x864"x100.0 143.47 1152 1232 1360 1568 864 865 868 915 -hsync +vsync (91.5 kHz d)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_ld_i32
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.579] (II) evdev: VMware VMware Virtual USB Mouse: initialized for relative axes.
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.226] (--) evdev: VirtualPS/2 VMware VMMouse: Found x and y absolute axes
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.467] (II) vmware(0): Not using default mode "320x175" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.489] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.527] (--) vmware(0): depth: 24
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/thunk.c
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.488] (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.644] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.962] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.951] (II) vmware(0): Not using default mode "320x175" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.962] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.564] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 372.980] (**) VMware VMware Virtual USB Mouse: (accel) keeping acceleration scheme 1
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.591] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.027] (II) vmware(0): Modeline "640x480"x85.0 36.00 640 696 752 832 480 481 484 509 -hsync -vsync (43.3 kHz d)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_utimens
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.641] (**) evdev: VirtualPS/2 VMware VMMouse: Device: "/dev/input/event2"
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opts_from_qdict
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.234] (**) VirtualPS/2 VMware VMMouse: (accel) keeping acceleration scheme 1
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu: %s: %s
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_allocate_irqs
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.490] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.073] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.502] (II) Module vmware: vendor="X.Org Foundation"
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/qobject/qlist.c
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_print_log_usage
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_pipe
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/tcg/tcg-op.cUnrecognized operation %d in do_constant_folding.
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.014] (**) vmware(0): Default mode "1152x864": 81.6 MHz, 53.7 kHz, 60.0 Hz
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opt_get_size
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.532] (--) vmware(0): caps: 0xFDFF83E2
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.478] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.562] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_sem_destroy
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/exec.c
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.508] (**) VMware VMware Virtual USB Mouse: Applying InputClass "evdev pointer catchall"
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.114] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.898] (II) evdev: VMware VMware Virtual USB Mouse: initialized for relative axes.
Source: Xorg.0.log.596.dr Binary or memory string: [ 421.926] (==) Matched vmware as autoconfigured driver 0
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/target-mips/helper.c%s pc %08x ad %lx rw %d mmu_idx %d
Source: Xorg.0.log.127.dr Binary or memory string: [ 372.966] (--) evdev: VMware VMware Virtual USB Mouse: Found x and y relative axes
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.114] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration profile 0
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_init_exec_dir
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.683] (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.583] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.516] (II) vmware(0): Modeline "1024x768"x85.0 94.50 1024 1072 1168 1376 768 769 772 808 +hsync +vsync (68.7 kHz d)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.580] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.621] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 421.980] (II) LoadModule: "vmware"
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.980] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.975] (II) vmware(0): Initialized VMWARE_CTRL extension version 0.2
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.527] (**) vmware(0): Default mode "640x400": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.643] (--) evdev: VirtualPS/2 VMware VMMouse: Found absolute axes
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.973] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.243] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse0)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.890] (--) evdev: VMware VMware Virtual USB Mouse: Found x and y relative axes
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.485] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.950] (==) vmware(0): Will set up a driver mode with dimensions 800x600.
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/linux-user/elfload.c
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.804] (II) vmware(0): Modeline "vmwlegacy-default-800x600"x60.0 36.25 800 801 802 1002 600 601 602 603 (36.2 kHz ez)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.942] (--) evdev: VirtualPS/2 VMware VMMouse: Found absolute touchscreen
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.574] (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.179] (II) vmware(0): Creating default Display subsection in Screen section
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.998] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.107] (**) VMware VMware Virtual USB Mouse: (accel) acceleration threshold: 4
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu: missing argument for option '%s'
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.018] (II) vmware(0): Modeline "1024x768"x70.1 75.00 1024 1048 1184 1328 768 771 777 806 -hsync -vsync (56.5 kHz d)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.026] (II) Module vmware: vendor="X.Org Foundation"
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/qapi/qmp-output-visitor.c
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.572] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.226] (II) evdev: VirtualPS/2 VMware VMMouse: Configuring as touchscreen
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/util/envlist.c
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.003] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.589] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.790] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.031] (**) vmware(0): Default mode "720x400": 35.5 MHz, 37.9 kHz, 85.0 Hz
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.095] (**) evdev: VMware VMware Virtual USB Mouse: EmulateWheelButton: 4, EmulateWheelInertia: 10, EmulateWheelTimeout: 200
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: opt->desc && opt->desc->type == QEMU_OPT_NUMBER
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.106] (**) VMware VMware Virtual USB Mouse: (accel) acceleration profile 0
Source: Xorg.0.log.127.dr Binary or memory string: [ 370.774] (II) LoadModule: "vmware"
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opt_has_help_opt
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.181] (II) evdev: VirtualPS/2 VMware VMMouse: Configuring as mouse
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.545] (==) vmware(0): Depth 24, (==) framebuffer bpp 32
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opts_reset
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/target-mips/translate.c
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.885] (--) evdev: VMware VMware Virtual USB Mouse: Found 12 mouse buttons
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: QEMU_RESERVED_VA
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/target-mips/helper.c
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_strtosz_suffix_unit
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.028] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.5 kHz, 75.0 Hz
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/qobject/json-parser.c
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.549] (II) vmware(0): Not using default mode "1024x768i" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/qobject/qbool.c
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.976] (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.714] (II) vmware(0): vgaHWGetIOBase: hwp->IOBase is 0x03d0
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_ld_i64
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.988] (II) vmware(0): vgaHWGetIOBase: hwp->IOBase is 0x03d0
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.623] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_%s_%s_%d.core
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.482] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: cpu_write_elf32_qemunote
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: QEMU_UNSET_ENV environment variables to set and unset
Source: jzyKEkkDsV.elf, 4685.1.00007ffefd987000.00007ffefd9a8000.rw-.sdmp Binary or memory string: /usr/bin/qemu-mips
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.034] (**) vmware(0): Default mode "640x350": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.571] (II) evdev: VMware VMware Virtual USB Mouse: Configuring as mouse
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.746] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.589] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: tcg_gen_qemu_st_i32
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.961] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.747] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.225] (--) evdev: VirtualPS/2 VMware VMMouse: Found absolute axes
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.788] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.588] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.790] (**) vmware(0): Virtual size is 800x600 (pitch 1176)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opt_get
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/target-mips/cpu.c
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.486] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.502] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.032] (II) vmware(0): Modeline "720x400"x85.0 35.50 720 756 828 936 400 401 404 446 -hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.127.dr Binary or memory string: [ 370.786] (II) Loading /usr/lib/xorg/modules/drivers/vmware_drv.so
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.805] (**) vmware(0): Default mode "1152x864": 121.5 MHz, 77.5 kHz, 85.1 Hz
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.570] (--) evdev: VMware VMware Virtual USB Mouse: Found x and y relative axes
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.813] (WW) vmware(0): Disabling 3D support.
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.658] (**) vmware(0): Default mode "1152x864": 119.7 MHz, 77.1 kHz, 85.0 Hz
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_loglevel
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.969] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.618] (--) evdev: VirtualPS/2 VMware VMMouse: Found scroll wheel(s)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.567] (--) evdev: VMware VMware Virtual USB Mouse: Found scroll wheel(s)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.589] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_fdatasync
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opts_do_parse
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.017] (II) vmware(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz d)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.668] (**) vmware(0): Default mode "1152x864": 96.8 MHz, 63.0 kHz, 70.0 Hz
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.684] (II) vmware(0): Modeline "800x600"x60.3 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz d)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/thunk.c*type_ptr < max_struct_entriesid < max_struct_entriesInvalid type 0x%x
Source: Xorg.0.log.127.dr Binary or memory string: [ 372.982] (**) VMware VMware Virtual USB Mouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.817] (--) vmware(0): VMware SVGA regs at (0x1070, 0x1071)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: tcg_gen_qemu_ld_i32
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.010] (**) vmware(0): Default mode "1152x864": 119.7 MHz, 77.1 kHz, 85.0 Hz
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/util/oslib-posix.c
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.683] (**) vmware(0): Default mode "800x600": 40.0 MHz, 37.9 kHz, 60.3 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.821] (II) vmware(0): Modeline "1152x864"x75.0 104.99 1152 1224 1352 1552 864 865 868 902 -hsync +vsync (67.6 kHz d)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_sem_init
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.494] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.189] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/hw/core/qdev-properties.c
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.495] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.526] (**) vmware(0): Default mode "720x400": 35.5 MHz, 37.9 kHz, 85.0 Hz
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.965] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.879] (**) vmware(0): Default mode "800x600": 36.0 MHz, 35.2 kHz, 56.2 Hz
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu: unknown option '%s'
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.642] (--) evdev: VirtualPS/2 VMware VMMouse: Vendor 0x2 Product 0x13
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: 24KfQEMU_STRACEQEMU_RAND_SEED/proc/sys/vm/mmap_min_addr%luhost mmap_min_addr=0x%lx
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_cond_init
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.092] (--) evdev: VMware VMware Virtual USB Mouse: Found 12 mouse buttons
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: attempt to add duplicate property '%s' to object (type '%s')Insufficient permission to perform this operation/build/qemu-hP0tKe/qemu-2.5+dfsg/include/qapi/qmp/qobject.hInvalid parameter type for '%s', expected: %sProperty %s on %s is not '%s' enum typechild object is already parentedPath '%s' does not uniquely identify an objectinfo->name != NULL!enumerating_typeschild<struct tmtm_yeartm_montm_mdaytm_hourtm_mintm_sectype->parent_type != NULLtarget_type%s::%s<=info->parent>=size >= type->instance_sizetype->abstract == falseobj->ref > 0==obj->ref == 0Property '.%s' not found!obj || obj->refcntobj->type != NULLobj->type->destroy != NULLstringbooleancontainer/objectschild<%s>invalid object type: %sobject type '%s' is abstractuser-creatablelink<%s>objobj->parent != NULL%s/%spartsDevice '%s' not foundlink%sobject_resolve_path_typeobject_get_canonical_path_componentobject_resolve_linkobject_property_add_childobject_property_get_enumobject_property_get_intobject_property_get_boolobject_property_get_linkobject_property_get_strqobject_decrefobject_property_setobject_property_getobject_property_delobject_property_findobject_property_addobject_finalizeobject_unrefobject_set_propvobject_new_with_propvobject_new_with_typetype_get_parenttype_is_ancestortype_initializeobject_initialize_with_typetype_table_addtype_newtype_register/build/qemu-hP0tKe/qemu-2.5+dfsg/qom/container.cparts != NULL && parts[0] != NULL && !parts[0][0]container_get/build/qemu-hP0tKe/qemu-2.5+dfsg/qom/object_interfaces.cuser_creatable_can_be_deleteduser_creatable_complete/build/qemu-hP0tKe/qemu-2.5+dfsg/crypto/aes.cin && out && keyin && out && key && ivecAES_cbc_encryptAES_decryptAES_encrypt
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.177] (--) evdev: VirtualPS/2 VMware VMMouse: Found x and y relative axes
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.807] (II) vmware(0): Modeline "1152x864"x85.0 119.65 1152 1224 1352 1552 864 865 868 907 -hsync +vsync (77.1 kHz d)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.497] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.683] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.023] (II) vmware(0): Modeline "800x600"x75.0 49.50 800 816 896 1056 600 601 604 625 +hsync +vsync (46.9 kHz d)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.227] (**) evdev: VirtualPS/2 VMware VMMouse: YAxisMapping: buttons 4 and 5
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.583] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.886] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.9 kHz, 72.8 Hz
Source: Xorg.0.log.728.dr Binary or memory string: [ 461.747] (II) evdev: VirtualPS/2 VMware VMMouse: Close
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.547] (==) vmware(0): Default visual is TrueColor
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.596] (II) vmware(0): Not using default mode "1440x900" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.527] (--) vmware(0): bpp: 32
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.942] (II) evdev: VirtualPS/2 VMware VMMouse: Configuring as touchscreen
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.884] (--) evdev: VMware VMware Virtual USB Mouse: Vendor 0xe0f Product 0x3
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.019] (II) vmware(0): Creating default Display subsection in Screen section
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.925] (II) evdev: VirtualPS/2 VMware VMMouse: Adding scrollwheel support
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/include/qapi/qmp/qobject.h
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.476] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.670] (II) vmware(0): Modeline "1024x768"x85.0 94.50 1024 1072 1168 1376 768 769 772 808 +hsync +vsync (68.7 kHz d)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.504] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_thread_join
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.584] (**) VMware VMware Virtual USB Mouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.127] (II) vmware(0): Initialized VMware Xv extension successfully.
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/util/qemu-option.c
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.671] (**) vmware(0): Default mode "1024x768": 75.0 MHz, 56.5 kHz, 70.1 Hz
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.524] (--) vmware(0): caps: 0xFDFF83E2
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.645] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.534] (--) vmware(0): pbase: 0xe8000000
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_anon_ram_alloc
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: protstart < endpage_set_flagstb_gen_codecpu_restore_state_from_tbtb_unlocktb_lock/build/qemu-hP0tKe/qemu-2.5+dfsg/cpu-exec.c/build/qemu-hP0tKe/qemu-2.5+dfsg/include/qom/cpu.h/build/qemu-hP0tKe/qemu-2.5+dfsg/include/qemu/rcu.hcc->set_pcTrace %p [%08x] %s
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.591] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.541] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.560] (II) vmware(0): Initialized VMware Xv extension successfully.
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.828] (**) VMware VMware Virtual USB Mouse: Applying InputClass "evdev pointer catchall"
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/util/error.c
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.000] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.535] (==) vmware(0): Using gamma correction (1.0, 1.0, 1.0)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.878] (**) vmware(0): Default mode "800x600": 40.0 MHz, 37.9 kHz, 60.3 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 372.974] (II) XINPUT: Adding extended input device "VMware VMware Virtual USB Mouse" (type: MOUSE, id 7)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.082] (==) Matched vmware as autoconfigured driver 0
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/linux-user/mmap.ch2g_valid(ptr)ret == 0h2g_valid(host_start)h2g_valid(host_addr)target_mremaptarget_mmapmmap_find_vmacore dumpedqemu: uncaught target signal %d (%s) - %s
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.950] (==) vmware(0): Using gamma correction (1.0, 1.0, 1.0)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.650] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration profile 0
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.167] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event3)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_set_irq
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_anon_ram_free
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_extend_irqs
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.513] (II) vmware(0): Modeline "1152x864"x75.0 104.99 1152 1224 1352 1552 864 865 868 902 -hsync +vsync (67.6 kHz d)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.094] (**) evdev: VMware VMware Virtual USB Mouse: YAxisMapping: buttons 4 and 5
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.972] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.019] (**) vmware(0): Default mode "1024x768": 65.0 MHz, 48.4 kHz, 60.0 Hz
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.712] (II) vmware(0): Initialized VMWARE_CTRL extension version 0.2
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.056] (--) evdev: VirtualPS/2 VMware VMMouse: Found x and y relative axes
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.543] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: 4Km4KEcR14KEmR14KEc4KEm24Kc34Kf74KfM14KM14KcP5600mips32r6-genericw1.d0w1.d1w2.d0w2.d1w3.d0w3.d1w4.d0w4.d1w5.d0w5.d1w6.d0w6.d1w7.d0w7.d1w8.d0w8.d1w9.d0w9.d1w10.d0w10.d1w11.d0w11.d1w12.d0w12.d1w13.d0w13.d1w14.d0w14.d1w15.d0w15.d1w16.d0w16.d1w17.d0w17.d1w18.d0w18.d1w19.d0w19.d1w20.d0w20.d1w21.d0w21.d1w22.d0w22.d1w23.d0w23.d1w24.d0w24.d1w25.d0w25.d1w26.d0w26.d1w27.d0w27.d1w28.d0w28.d1w29.d0w29.d1w30.d0w30.d1w31.d0w31.d1LO1LO2LO3HI1HI2HI3k0k1gps8/build/qemu-hP0tKe/qemu-2.5+dfsg/target-mips/translate.cpc=0x%08x HI=0x%08x LO=0x%08x ds %04x %08x %d
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.052] (--) evdev: VirtualPS/2 VMware VMMouse: Found scroll wheel(s)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opt_get_size_helper
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.525] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.9 kHz, 72.8 Hz
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_st_i32
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.551] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.549] (II) vmware(0): Not using default mode "512x384i" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.509] (**) vmware(0): *Driver mode "vmwlegacy-default-800x600": 36.3 MHz, 36.2 kHz, 60.0 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 372.090] (==) vmware(0): Backing store enabled
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.685] (**) vmware(0): Default mode "640x480": 36.0 MHz, 43.3 kHz, 85.0 Hz
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.490] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.525] (--) vmware(0): bpp: 32
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: QEMU_STRACE
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.855] (II) vmware(0): Modeline "832x624"x74.6 57.28 832 864 928 1152 624 625 628 667 -hsync -vsync (49.7 kHz d)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: tcg_gen_qemu_ld_i64
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_mutex_destroy
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/linux-user/syscall.c
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.494] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.509] (**) VMware VMware Virtual USB Mouse: always reports core events
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.649] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.226] (--) evdev: VirtualPS/2 VMware VMMouse: Found absolute touchscreen
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.887] (--) evdev: VMware VMware Virtual USB Mouse: Found scroll wheel(s)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.514] (II) vmware(0): Modeline "1152x864"x70.0 96.77 1152 1224 1344 1536 864 865 868 900 -hsync +vsync (63.0 kHz d)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_st_i64
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.401] (WW) vmware(0): Disabling RandR12+ support.
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: Please report this to qemu-devel@nongnu.org
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.492] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.746] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 372.967] (II) evdev: VMware VMware Virtual USB Mouse: Adding scrollwheel support
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/qobject/qfloat.c
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.657] (**) vmware(0): Default mode "1152x864": 121.5 MHz, 77.5 kHz, 85.1 Hz
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_module_dummy
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.941] (--) evdev: VirtualPS/2 VMware VMMouse: Found x and y absolute axes
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.684] (**) vmware(0): Default mode "800x600": 36.0 MHz, 35.2 kHz, 56.2 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.882] (II) vmware(0): Modeline "800x600"x56.2 36.00 800 824 896 1024 600 601 603 625 +hsync +vsync (35.2 kHz d)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.534] (==) vmware(0): Default visual is TrueColor
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.621] (**) evdev: VirtualPS/2 VMware VMMouse: EmulateWheelButton: 4, EmulateWheelInertia: 10, EmulateWheelTimeout: 200
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.057] (II) evdev: VirtualPS/2 VMware VMMouse: Adding scrollwheel support
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opts_append
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.656] (II) vmware(0): Modeline "1152x864"x100.0 143.47 1152 1232 1360 1568 864 865 868 915 -hsync +vsync (91.5 kHz d)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.978] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_close
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.828] (II) Using input driver 'evdev' for 'VMware VMware Virtual USB Mouse'
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.923] (--) evdev: VirtualPS/2 VMware VMMouse: Vendor 0x2 Product 0x13
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /usr/lib/x86_64-linux-gnu/qemu/build/qemu-hP0tKe/qemu-2.5+dfsg/util/module.cqemu_stamp_09b9ca15a75d8581810e7db7d753b26ca9ec0578Failed to initialize module: %s
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.115] (II) config/udev: Adding input device VMware VMware Virtual USB Mouse (/dev/input/mouse2)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.509] (**) vmware(0): Virtual size is 800x600 (pitch 1176)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.984] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.596] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.946] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.650] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.106] (**) evdev: VirtualPS/2 VMware VMMouse: EmulateWheelButton: 4, EmulateWheelInertia: 10, EmulateWheelTimeout: 200
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.638] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.923] (--) evdev: VirtualPS/2 VMware VMMouse: Found 3 mouse buttons
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: mips_cpu_gdb_write_registermips_cpu_gdb_read_register/build/qemu-hP0tKe/qemu-2.5+dfsg/target-mips/msa_helper.chelper_msa_ffint_u_dfhelper_msa_ffint_s_dfhelper_msa_ftint_u_dfhelper_msa_ftint_s_dfhelper_msa_ffqr_dfhelper_msa_ffql_dfhelper_msa_fexupr_dfhelper_msa_fexupl_dfhelper_msa_flog2_dfhelper_msa_frint_dfhelper_msa_frcp_dfhelper_msa_frsqrt_dfhelper_msa_fsqrt_dfhelper_msa_ftrunc_u_dfhelper_msa_ftrunc_s_dfhelper_msa_fmax_a_dfhelper_msa_fmax_dfhelper_msa_fmin_a_dfhelper_msa_fmin_dfhelper_msa_ftq_dfhelper_msa_fexdo_dfhelper_msa_fexp2_dfhelper_msa_fmsub_dfhelper_msa_fmadd_dfhelper_msa_fdiv_dfhelper_msa_fmul_dfhelper_msa_fsub_dfhelper_msa_fadd_dfcompare_necompare_unecompare_orcompare_ulecompare_lecompare_ultcompare_ltcompare_ueqcompare_eqcompare_uncompare_afhelper_msa_pcnt_dfhelper_msa_nloc_dfhelper_msa_nlzc_dfhelper_msa_fill_dfdo_raise_exception_errhelper_msa_insve_dfhelper_msa_insert_dfhelper_msa_copy_u_dfhelper_msa_copy_s_dfhelper_msa_vshf_dfhelper_msa_ilvod_dfhelper_msa_ilvev_dfhelper_msa_ilvr_dfhelper_msa_ilvl_dfhelper_msa_pckod_dfhelper_msa_pckev_dfmsa_splat_dfhelper_msa_msubr_q_dfhelper_msa_maddr_q_dfhelper_msa_msub_q_dfhelper_msa_madd_q_dfhelper_msa_binsr_dfhelper_msa_binsl_dfhelper_msa_dpsub_u_dfhelper_msa_dpsub_s_dfhelper_msa_dpadd_u_dfhelper_msa_dpadd_s_dfhelper_msa_msubv_dfhelper_msa_maddv_dfmsa_sld_dfhelper_msa_mulr_q_dfhelper_msa_mul_q_dfhelper_msa_hsub_u_dfhelper_msa_hsub_s_dfhelper_msa_hadd_u_dfhelper_msa_hadd_s_dfhelper_msa_srlr_dfhelper_msa_srar_dfhelper_msa_dotp_u_dfhelper_msa_dotp_s_dfhelper_msa_mod_u_dfhelper_msa_mod_s_dfhelper_msa_div_u_dfhelper_msa_div_s_dfhelper_msa_mulv_dfhelper_msa_asub_u_dfhelper_msa_asub_s_dfhelper_msa_subsuu_s_dfhelper_msa_subsus_u_dfhelper_msa_subs_u_dfhelper_msa_subs_s_dfhelper_msa_aver_u_dfhelper_msa_aver_s_dfhelper_msa_ave_u_dfhelper_msa_ave_s_dfhelper_msa_adds_u_dfhelper_msa_adds_s_dfhelper_msa_adds_a_dfhelper_msa_add_a_dfhelper_msa_cle_u_dfhelper_msa_cle_s_dfhelper_msa_clt_u_dfhelper_msa_clt_s_dfhelper_msa_ceq_dfhelper_msa_min_a_dfhelper_msa_max_a_dfhelper_msa_min_u_dfhelper_msa_min_s_dfhelper_msa_max_u_dfhelper_msa_max_s_dfhelper_msa_subv_dfhelper_msa_addv_dfhelper_msa_bneg_dfhelper_msa_bset_dfhelper_msa_bclr_dfhelper_msa_srl_dfhelper_msa_sra_dfhelper_msa_sll_dfhelper_msa_binsri_dfhelper_msa_binsli_dfhelper_msa_srlri_dfhelper_msa_srari_dfhelper_msa_sat_u_dfhelper_msa_sat_s_dfhelper_msa_bnegi_dfhelper_msa_bseti_dfhelper_msa_bclri_dfhelper_msa_srli_dfhelper_msa_srai_dfhelper_msa_slli_dfhelper_msa_ldi_dfhelper_msa_mini_u_dfhelper_msa_mini_s_dfhelper_msa_maxi_u_dfhelper_msa_maxi_s_dfhelper_msa_clti_u_dfhelper_msa_clti_s_dfhelper_msa_clei_u_dfhelper_msa_clei_s_dfhelper_msa_ceqi_dfhelper_msa_subvi_dfhelper_msa_addvi_dfhelper_msa_shf_dfUHI(%d): exit(%d)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.524] (II) vmware(0): Modeline "640x480"x75.0 31.50 640 656 720 840 480 481 484 500 -hsync -vsync (37.5 kHz d)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.521] (II) vmware(0): Modeline "800x600"x72.2 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz d)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.983] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.957] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.691] (II) vmware(0): Modeline "640x350"x85.1 31.50 640 672 736 832 350 382 385 445 +hsync -vsync (37.9 kHz d)
Source: Xorg.0.log.127.dr Binary or memory string: [ 372.964] (--) evdev: VMware VMware Virtual USB Mouse: Vendor 0xe0f Product 0x3
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.997] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.509] (**) evdev: VMware VMware Virtual USB Mouse: Device: "/dev/input/event4"
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/gdbstub.c
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.958] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.181] (II) evdev: VirtualPS/2 VMware VMMouse: Adding scrollwheel support
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.545] (--) vmware(0): vis: 4
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.500] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.207] (II) Using input driver 'evdev' for 'VirtualPS/2 VMware VMMouse'
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.821] (**) vmware(0): Default mode "1152x864": 105.0 MHz, 67.6 kHz, 75.0 Hz
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.963] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.173] (--) evdev: VirtualPS/2 VMware VMMouse: Found 3 mouse buttons
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.566] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.658] (II) vmware(0): Modeline "1152x864"x85.0 119.65 1152 1224 1352 1552 864 865 868 907 -hsync +vsync (77.1 kHz d)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.924] (--) evdev: VirtualPS/2 VMware VMMouse: Found scroll wheel(s)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.093] (--) evdev: VMware VMware Virtual USB Mouse: Found x and y relative axes
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.549] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.534] (==) vmware(0): RGB weight 888
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.105] (--) evdev: VirtualPS/2 VMware VMMouse: Found x and y absolute axes
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: C/build/qemu-hP0tKe/qemu-2.5+dfsg/util/unicode.clen > 1 && len < 7
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.070] (II) vmware(0): vgaHWGetIOBase: hwp->IOBase is 0x03d0
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.565] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.644] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.945] (--) vmware(0): w.grn: 8
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.556] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.478] (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/qobject/qnull.c
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.233] (II) evdev: VirtualPS/2 VMware VMMouse: initialized for absolute axes.
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_strtoull
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.523] (II) vmware(0): Modeline "640x480"x85.0 36.00 640 696 752 832 480 481 484 509 -hsync -vsync (43.3 kHz d)
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.067] (**) VirtualPS/2 VMware VMMouse: (accel) keeping acceleration scheme 1
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.820] (**) vmware(0): Default mode "1152x864": 108.0 MHz, 67.5 kHz, 75.0 Hz
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.558] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.644] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.725] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.045] (II) Using input driver 'evdev' for 'VirtualPS/2 VMware VMMouse'
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.555] (==) vmware(0): Backing store enabled
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.112] (II) evdev: VirtualPS/2 VMware VMMouse: initialized for absolute axes.
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.016] (II) vmware(0): Modeline "1024x768"x85.0 94.50 1024 1072 1168 1376 768 769 772 808 +hsync +vsync (68.7 kHz d)
Source: jzyKEkkDsV.elf, 4685.1.00007ffefd987000.00007ffefd9a8000.rw-.sdmp Binary or memory string: /tmp/qemu-open.nhKrdh
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.518] (**) vmware(0): Default mode "1024x768": 65.0 MHz, 48.4 kHz, 60.0 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.667] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.488] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.00007ffefd987000.00007ffefd9a8000.rw-.sdmp Binary or memory string: etc/qemu-binfmt/
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/tcg/tcg-op.c
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.639] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu-mips version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.44), Copyright (c) 2003-2008 Fabrice Bellard
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.155] (II) vmware: driver for VMware SVGA: vmware0405, vmware0710
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.559] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.460] (--) vmware(0): bpp: 32
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.632] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.499] (II) vmware(0): Not using default mode "1600x1024" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.573] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.352] (WW) vmware(0): Disabling Render Acceleration.
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.509] (II) vmware(0): Modeline "vmwlegacy-default-800x600"x60.0 36.25 800 801 802 1002 600 601 602 603 (36.2 kHz ez)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.941] (--) evdev: VirtualPS/2 VMware VMMouse: Found absolute axes
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.687] (II) vmware(0): Modeline "640x480"x72.8 31.50 640 664 704 832 480 489 492 520 -hsync -vsync (37.9 kHz d)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/linux-user/syscall.c%s%08x%08x%04x%d%d%d%08x%d%u%u
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.001] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.991] (II) vmware(0): Not using default mode "1440x900" (insufficient memory for mode)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.963] (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.099] (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.591] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.806] (II) vmware(0): Modeline "1152x864"x85.1 121.50 1152 1216 1344 1568 864 865 868 911 +hsync -vsync (77.5 kHz d)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_allocate_irq
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.464] (--) vmware(0): vis: 4
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: QEMU_UNSET_ENV
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.947] (==) vmware(0): Depth 24, (==) framebuffer bpp 32
Source: jzyKEkkDsV.elf, 4685.1.00007ffefd987000.00007ffefd9a8000.rw-.sdmp Binary or memory string: #H9V/usr/bin/qemu-mips/tmp/jzyKEkkDsV.elfW+1H9V4685/
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.946] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.806] (**) vmware(0): Default mode "1152x864": 119.7 MHz, 77.1 kHz, 85.0 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.562] (II) vmware(0): Not using default mode "360x200" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.009] (II) vmware(0): Modeline "1152x864"x85.1 121.50 1152 1216 1344 1568 864 865 868 911 +hsync -vsync (77.5 kHz d)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.656] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse0)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.556] (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.106] (**) VMware VMware Virtual USB Mouse: (accel) keeping acceleration scheme 1
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.955] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.610] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opts_create
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.020] (**) vmware(0): Default mode "832x624": 57.3 MHz, 49.7 kHz, 74.6 Hz
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.829] (**) evdev: VMware VMware Virtual USB Mouse: Device: "/dev/input/event4"
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.658] (**) vmware(0): Default mode "1152x864": 108.0 MHz, 67.5 kHz, 75.0 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.622] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.485] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.676] (II) vmware(0): Modeline "1024x768"x70.1 75.00 1024 1048 1184 1328 768 771 777 806 -hsync -vsync (56.5 kHz d)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: QEMU_SINGLESTEP
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_set_log_filename
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.069] (II) vmware(0): Initialized VMware Xinerama extension.
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_log
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.697] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 370.930] (II) Module vmware: vendor="X.Org Foundation"
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.789] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.484] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.012] (**) vmware(0): Default mode "1152x864": 105.0 MHz, 67.6 kHz, 75.0 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.573] (II) vmware(0): Not using default mode "512x384i" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_stamp_09b9ca15a75d8581810e7db7d753b26ca9ec0578
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.478] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_thread_create
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.678] (II) vmware(0): Modeline "800x600"x85.1 56.30 800 832 896 1048 600 601 604 631 +hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.511] (II) vmware(0): Modeline "1152x864"x85.1 121.50 1152 1216 1344 1568 864 865 868 911 +hsync -vsync (77.5 kHz d)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.977] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.677] (**) vmware(0): Default mode "832x624": 57.3 MHz, 49.7 kHz, 74.6 Hz
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.647] (**) vmware(0): *Driver mode "vmwlegacy-default-800x600": 36.3 MHz, 36.2 kHz, 60.0 Hz
Source: Xorg.0.log.127.dr Binary or memory string: [ 372.965] (--) evdev: VMware VMware Virtual USB Mouse: Found scroll wheel(s)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_socket
Source: Xorg.0.log.596.dr Binary or memory string: [ 421.983] (II) Loading /usr/lib/xorg/modules/drivers/vmware_drv.so
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.235] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_thread_get_self
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.525] (**) vmware(0): Default mode "640x480": 25.2 MHz, 31.5 kHz, 59.9 Hz
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/linux-user/signal.c
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.497] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.683] (II) vmware(0): Modeline "800x600"x72.2 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz d)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.888] (--) evdev: VMware VMware Virtual USB Mouse: Found relative axes
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.564] (--) evdev: VMware VMware Virtual USB Mouse: Vendor 0xe0f Product 0x3
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.966] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.560] (II) vmware(0): Not using default mode "320x175" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_module_dummy%s/..block-iscsiblock-curlblock-rbdblock-dmgModule is not supported by system.
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.481] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.026] (**) vmware(0): Default mode "800x600": 36.0 MHz, 35.2 kHz, 56.2 Hz
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.946] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration profile 0
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_event_wait
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.967] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.590] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.922] (II) Using input driver 'evdev' for 'VirtualPS/2 VMware VMMouse'
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opt_get_bool_del
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.640] (II) Using input driver 'evdev' for 'VirtualPS/2 VMware VMMouse'
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.503] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.949] (==) vmware(0): Using HW cursor
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.974] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/user-exec.c
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.008] (**) vmware(0): Default mode "1152x864": 143.5 MHz, 91.5 kHz, 100.0 Hz
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_set_cloexec
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.499] (II) vmware(0): Not using default mode "1440x900" (insufficient memory for mode)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: mips_cpu_exec_interruptmips_cpu_handle_mmu_fault/build/qemu-hP0tKe/qemu-2.5+dfsg/target-mips/cpu.cmips_cpu_initfnmips_cpu_realizefnmips_cpu_resetmips_cpu_has_workmips_cpu_set_pcmips_cpu_synchronize_from_tbmips_cpu_class_init/build/qemu-hP0tKe/qemu-2.5+dfsg/target-mips/gdbstub.c T
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.047] (**) evdev: VirtualPS/2 VMware VMMouse: Device: "/dev/input/event3"
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.638] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: QEMU_UNAME
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.504] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.646] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.017] (**) vmware(0): Default mode "1024x768": 78.8 MHz, 60.0 kHz, 75.0 Hz
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.005] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.543] (--) vmware(0): w.red: 8
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.479] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.950] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse0)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.508] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.072] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.022] (II) vmware(0): Modeline "800x600"x85.1 56.30 800 832 896 1048 600 601 604 631 +hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.929] (**) VirtualPS/2 VMware VMMouse: (accel) keeping acceleration scheme 1
Source: Xorg.0.log.127.dr Binary or memory string: [ 372.975] (II) evdev: VMware VMware Virtual USB Mouse: initialized for relative axes.
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: thunk_convertthunk_register_struct_directthunk_register_struct/build/qemu-hP0tKe/qemu-2.5+dfsg/user-exec.ccc->handle_mmu_faulthandle_cpu_signalReserved virtual address too big
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.550] (II) vmware(0): vgaHWGetIOBase: hwp->IOBase is 0x03d0
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_opt_get_number_del
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.047] (--) evdev: VirtualPS/2 VMware VMMouse: Vendor 0x2 Product 0x13
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.112] (II) Module vmware: vendor="X.Org Foundation"
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.987] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.678] (**) vmware(0): Default mode "800x600": 56.3 MHz, 53.7 kHz, 85.1 Hz
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: err && errp != &error_abort*errp == NULL%s: %sCould not open '%s'errp && *errperror_free_or_aborterror_append_hinterror_setv/build/qemu-hP0tKe/qemu-2.5+dfsg/util/qemu-error.cfname || cur_loc->kind == LOC_FILE!loc->prevcur_loc == loc && loc->prev%s:%d:loc_set_fileloc_restoreloc_poploc_push_restore'on' or 'off'a numbera sizen < sizeof(buf)%.17gNo description availableSupported options:%-16s %s
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.352] (--) vmware(0): VMware SVGA regs at (0x1070, 0x1071)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: target_disas/build/qemu-hP0tKe/qemu-2.5+dfsg/gdbstub.c
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.987] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.986] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/qom/container.c
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.181] (**) evdev: VirtualPS/2 VMware VMMouse: YAxisMapping: buttons 4 and 5
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.572] (II) evdev: VMware VMware Virtual USB Mouse: Adding scrollwheel support
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.470] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_write_full
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.691] (**) vmware(0): Default mode "640x350": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.513] (**) vmware(0): Default mode "1152x864": 105.0 MHz, 67.6 kHz, 75.0 Hz
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.525] (--) vmware(0): vram: 4194304
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_madvise
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.575] (**) evdev: VMware VMware Virtual USB Mouse: EmulateWheelButton: 4, EmulateWheelInertia: 10, EmulateWheelTimeout: 200
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_logfile
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.508] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.007] (**) vmware(0): *Driver mode "vmwlegacy-default-800x600": 36.3 MHz, 36.2 kHz, 60.0 Hz
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.550] (II) vmware(0): Initialized VMware Xinerama extension.
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.892] (II) evdev: VMware VMware Virtual USB Mouse: Adding scrollwheel support
Source: Xorg.0.log.390.dr Binary or memory string: [ 387.015] (II) vmware(0): Modeline "1152x864"x60.0 81.62 1152 1216 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.127.dr Binary or memory string: [ 373.098] (**) VirtualPS/2 VMware VMMouse: Applying InputClass "evdev pointer catchall"
Source: Xorg.0.log.127.dr Binary or memory string: [ 371.651] (II) vmware(0): Not using default mode "416x312" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.964] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.596.dr Binary or memory string: [ 423.104] (II) XINPUT: Adding extended input device "VMware VMware Virtual USB Mouse" (type: MOUSE, id 7)
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: /build/qemu-hP0tKe/qemu-2.5+dfsg/cpu-exec.c
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_get_thread_id
Source: Xorg.0.log.127.dr Binary or memory string: [ 372.909] (**) VMware VMware Virtual USB Mouse: Applying InputClass "evdev pointer catchall"
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.519] (**) vmware(0): Default mode "800x600": 56.3 MHz, 53.7 kHz, 85.1 Hz
Source: jzyKEkkDsV.elf, 4685.1.000056394819c000.0000563948353000.r-x.sdmp Binary or memory string: qemu_read_password
Source: Xorg.0.log.728.dr Binary or memory string: [ 425.462] (--) vmware(0): bpp: 32
Source: Xorg.0.log.596.dr Binary or memory string: [ 422.613] (II) vmware(0): Not using default mode "800x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.390.dr Binary or memory string: [ 386.969] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)

Language, Device and Operating System Detection
barindex
Reads system files that contain records of logged in users
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5030) Logged in records file read: /var/log/wtmp Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6524) Logged in records file read: /var/log/wtmp
Source: /usr/lib/accountsservice/accounts-daemon (PID: 7460) Logged in records file read: /var/log/wtmp
Source: /usr/lib/accountsservice/accounts-daemon (PID: 7936) Logged in records file read: /var/log/wtmp

Stealing of Sensitive Information
barindex
Yara detected Mirai
Source: Yara match File source: jzyKEkkDsV.elf, type: SAMPLE
Source: Yara match File source: 4685.1.00007f6eb2686000.00007f6eb26b5000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: jzyKEkkDsV.elf PID: 4685, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected Mirai
Source: Yara match File source: jzyKEkkDsV.elf, type: SAMPLE
Source: Yara match File source: 4685.1.00007f6eb2686000.00007f6eb26b5000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: jzyKEkkDsV.elf PID: 4685, type: MEMORYSTR

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
89.190.156.145
 unknown United Kingdom
7489 HOSTUS-GLOBAL-ASHostUSHK false
154.216.16.109
 ksdjwi.eye-network.ru Seychelles
135357 SKHT-ASShenzhenKatherineHengTechnologyInformationCo false

Contacted Domains

Name IP Active
daisy.ubuntu.com 162.213.35.25 true
ksdjwi.eye-network.ru 154.216.16.109 true