Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 491, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 658, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 720, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 721, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 759, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 761, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 772, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 774, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 777, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 785, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 793, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 936, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 1334, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 1335, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 1344, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 1601, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 1860, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 1872, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 1886, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 2048, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 6044, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 6190, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 6191, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 6230, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6234) | SIGKILL sent: pid: 6234, result: unknown
Source: /tmp/1isequal9.arm7 (PID: 6507) | SIGKILL sent: pid: 6505, result: successful
Source: /tmp/1isequal9.arm7 (PID: 6515) | SIGKILL sent: pid: 6513, result: successful
Matched rule: SUSP_XORed_Mozilla (date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13), matched on the following sources:
Source: 1isequal9.arm7, type: SAMPLE
Source: 6226.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
Source: 6229.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
Source: 6234.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
Source: 6226.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
Source: 6507.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
Source: 6507.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
Source: 6513.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
Source: 6230.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
Source: 6233.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
Source: 6229.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
Source: 6515.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
Source: 6513.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
Source: 6230.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
Source: 6505.1.000000005d55c1b0.00000000007ca476.r-x.sdmp, type: MEMORY
Source: 6234.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
Source: 6505.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
Source: 6515.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
Source: 6233.1.0000000097c8e407.000000009c2c05b8.rw-.sdmp, type: MEMORY
Source: /bin/sh (PID: 6407) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6409) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6411) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6416) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6418) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6420) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6424) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6426) | Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6474) | Grep executable: /usr/bin/grep -> grep -F .utf8
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/6395/comm, /proc/6395/cmdline, /proc/6395/status, /proc/6395/attr/current, /proc/6395/sessionid, /proc/6395/loginuid, /proc/6395/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/6475/comm, /proc/6475/cmdline, /proc/6475/status, /proc/6475/attr/current, /proc/6475/sessionid, /proc/6475/loginuid, /proc/6475/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/2078/comm, /proc/2078/cmdline, /proc/2078/status, /proc/2078/attr/current, /proc/2078/sessionid, /proc/2078/loginuid, /proc/2078/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/2077/comm, /proc/2077/cmdline, /proc/2077/status, /proc/2077/attr/current, /proc/2077/sessionid, /proc/2077/loginuid, /proc/2077/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/2033/comm, /proc/2033/cmdline, /proc/2033/status, /proc/2033/attr/current, /proc/2033/sessionid, /proc/2033/loginuid, /proc/2033/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/2074/comm, /proc/2074/cmdline, /proc/2074/status, /proc/2074/attr/current, /proc/2074/sessionid, /proc/2074/loginuid, /proc/2074/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/2028/comm, /proc/2028/cmdline, /proc/2028/status, /proc/2028/attr/current, /proc/2028/sessionid, /proc/2028/loginuid, /proc/2028/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/2028/status, /proc/2028/comm, /proc/2028/cmdline, /proc/2028/attr/current, /proc/2028/sessionid, /proc/2028/loginuid, /proc/2028/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/2028/comm, /proc/2028/cmdline, /proc/2028/status, /proc/2028/attr/current, /proc/2028/sessionid, /proc/2028/loginuid, /proc/2028/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/1532/comm, /proc/1532/cmdline, /proc/1532/status, /proc/1532/attr/current, /proc/1532/sessionid, /proc/1532/loginuid, /proc/1532/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/1334/comm, /proc/1334/cmdline, /proc/1334/status, /proc/1334/attr/current, /proc/1334/sessionid, /proc/1334/loginuid, /proc/1334/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/1334/comm, /proc/1334/cmdline, /proc/1334/status, /proc/1334/attr/current, /proc/1334/sessionid, /proc/1334/loginuid, /proc/1334/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/2302/comm, /proc/2302/cmdline, /proc/2302/status, /proc/2302/attr/current, /proc/2302/sessionid, /proc/2302/loginuid, /proc/2302/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/2025/comm, /proc/2025/cmdline, /proc/2025/status, /proc/2025/attr/current, /proc/2025/sessionid, /proc/2025/loginuid, /proc/2025/cgroup
Source: /lib/systemd/systemd-journald (PID: 6262) | Files opened: /proc/2223/comm, /proc/2223/cmdline, /proc/2223/status, /proc/2223/attr/current, /proc/2223/sessionid, /proc/2223/loginuid, /proc/2223/cgroup
Source: syslog.35.dr | Binary or memory string: May 14 12:00:20 galassia kernel: [ 479.246636] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
Source: syslog.35.dr | Binary or memory string: May 14 12:00:20 galassia kernel: [ 479.246585] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel drm parport_pc ppdev lp parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse ahci mptspi vmxnet3 scsi_transport_spi mptscsih libahci mptbase
Source: 1isequal9.arm7, 6226.1.000000003680e83a.000000005c5c2243.rw-.sdmp, 1isequal9.arm7, 6229.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6230.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6233.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6234.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6505.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6507.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6513.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6515.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp | Binary or memory string: "V!/etc/qemu-binfmt/arm
Source: 1isequal9.arm7, 6234.1.00000000fc8940c5.0000000022e68779.rw-.sdmp | Binary or memory string: /tmp/qemu-open.2u2bbA
Source: 1isequal9.arm7, 6226.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6229.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6230.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6233.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6234.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6505.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6507.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6513.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6515.1.00000000fc8940c5.0000000022e68779.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/1isequal9.arm7SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/1isequal9.arm7
Source: 1isequal9.arm7, 6226.1.000000003680e83a.000000005c5c2243.rw-.sdmp, 1isequal9.arm7, 6229.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6230.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6233.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6234.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6505.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6507.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6513.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp, 1isequal9.arm7, 6515.1.000000003680e83a.00000000ca6d1a3b.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/arm
Source: 1isequal9.arm7, 6226.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6229.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6230.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6233.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6234.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6505.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6507.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6513.1.00000000fc8940c5.0000000022e68779.rw-.sdmp, 1isequal9.arm7, 6515.1.00000000fc8940c5.0000000022e68779.rw-.sdmp | Binary or memory string: /usr/bin/qemu-arm
Source: 1isequal9.arm7, 6234.1.00000000fc8940c5.0000000022e68779.rw-.sdmp | Binary or memory string: "V/tmp/qemu-open.2u2bbA