Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
1isequal9.arm
|
ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
|
initial sample
|
||
/var/log/wtmp
|
data
|
dropped
|
||
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
|
ASCII text
|
dropped
|
||
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
|
ASCII text
|
dropped
|
||
/proc/6474/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/run/gdm3.pid
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:75018lw0CbK
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:75019o3KZTM
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:75245x49NsN
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:752621A12rK
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:75955K4u6BN
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:76157OSqEhM
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:76176G25jGK
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:76283a6Cx8L
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:76284tVVVfL
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:76287G4fchO
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:7644849WLoM
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:76597ueUGtL
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:76697hPVHgM
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:76775rOT3ZM
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:76790SdgP0M
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:771928HMvgK
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:77194PNcvLM
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:77230EsEw0K
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:77235e6ws8N
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:77535UdbKIM
|
ASCII text
|
dropped
|
||
/run/systemd/journal/streams/.#9:77932cdsDmN
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0izgq07
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0xCLwZ7
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#1273tH4oa
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127PRvuxa
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127UMUrx8
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127Z4PAH9
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127qgny5a
|
ASCII text
|
dropped
|
||
/run/user/1000/pulse/pid
|
ASCII text
|
dropped
|
||
/run/utmp
|
data
|
dropped
|
||
/tmp/qemu-open.hu2k0x (deleted)
|
ASCII text
|
dropped
|
||
/var/crash/_usr_bin_light-locker.1000.uploaded
|
ASCII text
|
dropped
|
||
/var/lib/AccountsService/users/gdm.WTWPL1
|
ASCII text
|
dropped
|
||
/var/lib/ubuntu-drivers-common/last_gfx_boot
|
ASCII text
|
dropped
|
||
/var/lib/whoopsie/whoopsie-id.60SZL1
|
ASCII text, with no line terminators
|
dropped
|
||
/var/log/auth.log
|
ASCII text
|
dropped
|
||
/var/log/gpu-manager.log
|
ASCII text
|
dropped
|
||
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal
|
data
|
dropped
|
||
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal
|
data
|
dropped
|
||
/var/log/kern.log
|
ASCII text
|
dropped
|
||
/var/log/syslog
|
ASCII text, with very long lines
|
dropped
|
37 further files are not shown in this table; the file list above is incomplete.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
/tmp/1isequal9.arm
|
/tmp/1isequal9.arm
|
||
/tmp/1isequal9.arm
|
n/a
|
||
/tmp/1isequal9.arm
|
n/a
|
||
/tmp/1isequal9.arm
|
n/a
|
||
/tmp/1isequal9.arm
|
n/a
|
||
/tmp/1isequal9.arm
|
n/a
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/bin/journalctl
|
/usr/bin/journalctl --smart-relinquish-var
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/lib/systemd/systemd-journald
|
/lib/systemd/systemd-journald
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/bin/journalctl
|
/usr/bin/journalctl --flush
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/bin/whoopsie
|
/usr/bin/whoopsie -f
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/bin/pulseaudio
|
/usr/bin/pulseaudio --daemonize=no --log-target=journal
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/libexec/rtkit-daemon
|
/usr/libexec/rtkit-daemon
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/lib/systemd/systemd-logind
|
/lib/systemd/systemd-logind
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/lib/policykit-1/polkitd
|
/usr/lib/policykit-1/polkitd --no-debug
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/sbin/rsyslogd
|
/usr/sbin/rsyslogd -n -iNONE
|
||
/usr/sbin/gdm3
|
n/a
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/sbin/gdm3
|
n/a
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/sbin/gdm3
|
n/a
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/sbin/agetty
|
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/bin/gpu-manager
|
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
|
||
/usr/bin/gpu-manager
|
n/a
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
|
||
/bin/sh
|
n/a
|
||
/usr/bin/grep
|
grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf
/etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf
/etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf
/etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
|
||
/usr/bin/gpu-manager
|
n/a
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
|
||
/bin/sh
|
n/a
|
||
/usr/bin/grep
|
grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf
/lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
|
||
/usr/bin/gpu-manager
|
n/a
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
|
||
/bin/sh
|
n/a
|
||
/usr/bin/grep
|
grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf
/etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf
/etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf
/etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
|
||
/usr/bin/gpu-manager
|
n/a
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
|
||
/bin/sh
|
n/a
|
||
/usr/bin/grep
|
grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf
/lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
|
||
/usr/bin/gpu-manager
|
n/a
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
|
||
/bin/sh
|
n/a
|
||
/usr/bin/grep
|
grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf
/etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf
/etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf
/etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
|
||
/usr/bin/gpu-manager
|
n/a
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
|
||
/bin/sh
|
n/a
|
||
/usr/bin/grep
|
grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf
/lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
|
||
/usr/bin/gpu-manager
|
n/a
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
|
||
/bin/sh
|
n/a
|
||
/usr/bin/grep
|
grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf
/etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf
/etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf
/etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
|
||
/usr/bin/gpu-manager
|
n/a
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
|
||
/bin/sh
|
n/a
|
||
/usr/bin/grep
|
grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf
/lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/share/gdm/generate-config
|
/usr/share/gdm/generate-config
|
||
/usr/share/gdm/generate-config
|
n/a
|
||
/usr/bin/pkill
|
pkill --signal HUP --uid gdm dconf-service
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/lib/gdm3/gdm-wait-for-drm
|
/usr/lib/gdm3/gdm-wait-for-drm
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/sbin/gdm3
|
/usr/sbin/gdm3
|
||
/usr/sbin/gdm3
|
n/a
|
||
/usr/bin/plymouth
|
plymouth --ping
|
||
/usr/sbin/gdm3
|
n/a
|
||
/usr/lib/gdm3/gdm-session-worker
|
"gdm-session-worker [pam/gdm-launch-environment]"
|
||
/usr/lib/gdm3/gdm-session-worker
|
n/a
|
||
/usr/lib/gdm3/gdm-wayland-session
|
/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
|
||
/usr/lib/gdm3/gdm-wayland-session
|
n/a
|
||
/usr/bin/dbus-daemon
|
dbus-daemon --print-address 3 --session
|
||
/usr/bin/dbus-daemon
|
n/a
|
||
/usr/bin/dbus-daemon
|
n/a
|
||
/bin/false
|
/bin/false
|
||
/usr/lib/gdm3/gdm-wayland-session
|
n/a
|
||
/usr/bin/dbus-run-session
|
dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/bin/dbus-run-session
|
n/a
|
||
/usr/bin/dbus-daemon
|
dbus-daemon --nofork --print-address 4 --session
|
||
/usr/sbin/gdm3
|
n/a
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/sbin/gdm3
|
n/a
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/lib/accountsservice/accounts-daemon
|
/usr/lib/accountsservice/accounts-daemon
|
||
/usr/lib/accountsservice/accounts-daemon
|
n/a
|
||
/usr/share/language-tools/language-validate
|
/usr/share/language-tools/language-validate en_US.UTF-8
|
||
/usr/share/language-tools/language-validate
|
n/a
|
||
/usr/share/language-tools/language-options
|
/usr/share/language-tools/language-options
|
||
/usr/share/language-tools/language-options
|
n/a
|
||
/bin/sh
|
sh -c "locale -a | grep -F .utf8 "
|
||
/bin/sh
|
n/a
|
||
/usr/bin/locale
|
locale -a
|
||
/bin/sh
|
n/a
|
||
/usr/bin/grep
|
grep -F .utf8
|
||
/usr/libexec/gvfsd-fuse
|
n/a
|
||
/bin/fusermount
|
fusermount -u -q -z -- /run/user/1000/gvfs
|
||
/usr/lib/systemd/systemd
|
n/a
|
||
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
101 further processes are not shown in this table; the process list above is incomplete.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://www.rsyslog.com
|
unknown
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
daisy.ubuntu.com
|
185.125.188.136
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
219.76.244.159
|
unknown
|
Hong Kong
|
||
94.55.185.140
|
unknown
|
Turkey
|
||
161.239.44.164
|
unknown
|
United States
|
||
103.89.204.192
|
unknown
|
China
|
||
112.162.107.95
|
unknown
|
Korea, Republic of
|
||
19.88.63.114
|
unknown
|
United States
|
||
213.199.125.244
|
unknown
|
Sweden
|
||
170.50.192.124
|
unknown
|
United States
|
||
4.35.55.127
|
unknown
|
United States
|
||
70.33.68.238
|
unknown
|
United States
|
||
206.198.76.25
|
unknown
|
United States
|
||
159.56.87.135
|
unknown
|
United States
|
||
222.241.253.153
|
unknown
|
China
|
||
117.232.69.31
|
unknown
|
India
|
||
201.67.204.201
|
unknown
|
Brazil
|
||
149.153.99.171
|
unknown
|
Ireland
|
||
205.184.130.99
|
unknown
|
United States
|
||
45.59.178.124
|
unknown
|
Reserved
|
||
39.73.204.115
|
unknown
|
China
|
||
149.4.73.29
|
unknown
|
United States
|
||
176.87.61.223
|
unknown
|
Spain
|
||
99.185.48.59
|
unknown
|
United States
|
||
14.197.211.211
|
unknown
|
China
|
||
62.248.184.246
|
unknown
|
Finland
|
||
105.132.245.150
|
unknown
|
Morocco
|
||
35.118.98.0
|
unknown
|
United States
|
||
176.144.150.251
|
unknown
|
France
|
||
202.47.73.91
|
unknown
|
Indonesia
|
||
104.246.182.216
|
unknown
|
Canada
|
||
222.191.84.208
|
unknown
|
China
|
||
111.161.231.74
|
unknown
|
China
|
||
119.254.64.175
|
unknown
|
China
|
||
186.243.14.231
|
unknown
|
Brazil
|
||
90.112.213.93
|
unknown
|
France
|
||
77.159.188.35
|
unknown
|
France
|
||
206.142.39.12
|
unknown
|
United States
|
||
99.230.212.150
|
unknown
|
Canada
|
||
48.144.192.91
|
unknown
|
United States
|
||
187.23.126.29
|
unknown
|
Brazil
|
||
48.4.254.53
|
unknown
|
United States
|
||
48.155.189.117
|
unknown
|
United States
|
||
18.102.67.185
|
unknown
|
United States
|
||
27.49.160.231
|
unknown
|
India
|
||
89.209.53.36
|
unknown
|
Ukraine
|
||
158.86.240.55
|
unknown
|
United States
|
||
40.47.207.4
|
unknown
|
United States
|
||
27.71.128.226
|
unknown
|
Viet Nam
|
||
36.161.228.78
|
unknown
|
China
|
||
119.25.246.238
|
unknown
|
Japan
|
||
2.191.24.140
|
unknown
|
Iran (Islamic Republic of)
|
||
216.176.66.144
|
unknown
|
United States
|
||
102.162.71.222
|
unknown
|
Mauritius
|
||
69.67.185.36
|
unknown
|
Canada
|
||
180.189.169.3
|
unknown
|
Timor-Leste
|
||
76.29.185.146
|
unknown
|
United States
|
||
13.175.108.225
|
unknown
|
United States
|
||
176.110.148.193
|
unknown
|
Poland
|
||
193.184.0.191
|
unknown
|
Finland
|
||
187.226.24.14
|
unknown
|
Mexico
|
||
27.171.134.176
|
unknown
|
Korea, Republic of
|
||
213.120.174.221
|
unknown
|
United Kingdom
|
||
208.90.218.236
|
unknown
|
United States
|
||
163.133.192.177
|
unknown
|
Japan
|
||
213.70.118.123
|
unknown
|
Germany
|
||
162.158.166.142
|
unknown
|
United States
|
||
2.78.125.73
|
unknown
|
Kazakhstan
|
||
1.148.197.113
|
unknown
|
Australia
|
||
57.146.227.212
|
unknown
|
Belgium
|
||
113.213.98.160
|
unknown
|
China
|
||
75.74.47.224
|
unknown
|
United States
|
||
111.249.108.11
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
59.212.182.28
|
unknown
|
China
|
||
112.62.10.49
|
unknown
|
China
|
||
150.155.214.251
|
unknown
|
United States
|
||
32.255.96.230
|
unknown
|
United States
|
||
61.52.209.250
|
unknown
|
China
|
||
100.232.51.122
|
unknown
|
United States
|
||
187.116.133.91
|
unknown
|
Brazil
|
||
110.252.87.61
|
unknown
|
China
|
||
39.103.117.239
|
unknown
|
China
|
||
187.58.205.200
|
unknown
|
Brazil
|
||
157.157.170.165
|
unknown
|
Iceland
|
||
42.220.179.60
|
unknown
|
China
|
||
91.17.4.80
|
unknown
|
Germany
|
||
104.170.219.191
|
unknown
|
United States
|
||
217.48.206.92
|
unknown
|
Germany
|
||
81.228.1.219
|
unknown
|
Sweden
|
||
43.46.77.4
|
unknown
|
Japan
|
||
167.11.74.120
|
unknown
|
Canada
|
||
87.251.251.122
|
unknown
|
Poland
|
||
159.28.99.193
|
unknown
|
Japan
|
||
221.110.200.105
|
unknown
|
Japan
|
||
8.109.34.196
|
unknown
|
United States
|
||
36.88.205.100
|
unknown
|
Indonesia
|
||
73.134.223.75
|
unknown
|
United States
|
||
113.202.153.138
|
unknown
|
China
|
||
147.83.120.176
|
unknown
|
Spain
|
||
58.12.218.160
|
unknown
|
Japan
|
||
161.71.116.100
|
unknown
|
United States
|
||
118.234.109.176
|
unknown
|
Korea, Republic of
|
90 further IP addresses are not shown in this table; the IP list above is incomplete.