IOC Report
6gIL6GLh9R

Files

File Path
Type
Category
Malicious
6gIL6GLh9R
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
initial sample
malicious
/var/log/wtmp
data
dropped
malicious
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
ASCII text
dropped
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
ASCII text
dropped
/memfd:30-systemd-environment-d-generator (deleted)
ASCII text
dropped
/memfd:user-environment-generators (deleted)
ASCII text
dropped
/proc/6481/oom_score_adj
very short file (no magic)
dropped
/proc/6752/oom_score_adj
very short file (no magic)
dropped
/run/gdm3.pid
ASCII text
dropped
/run/systemd/journal/streams/.#9:74907KcTgBY
ASCII text
dropped
/run/systemd/journal/streams/.#9:74908YhXtMZ
ASCII text
dropped
/run/systemd/journal/streams/.#9:75603XHnZJ2
ASCII text
dropped
/run/systemd/journal/streams/.#9:7560854UGWY
ASCII text
dropped
/run/systemd/journal/streams/.#9:75648HSEZg1
ASCII text
dropped
/run/systemd/journal/streams/.#9:76282Q7faY0
ASCII text
dropped
/run/systemd/journal/streams/.#9:762936Rtbh0
ASCII text
dropped
/run/systemd/journal/streams/.#9:763065qKD00
ASCII text
dropped
/run/systemd/journal/streams/.#9:764607G7y91
ASCII text
dropped
/run/systemd/journal/streams/.#9:764661C4G2Z
ASCII text
dropped
/run/systemd/journal/streams/.#9:76483yHLTc2
ASCII text
dropped
/run/systemd/journal/streams/.#9:76734aHVBv1
ASCII text
dropped
/run/systemd/journal/streams/.#9:76816EpIxf0
ASCII text
dropped
/run/systemd/journal/streams/.#9:77222APHFD1
ASCII text
dropped
/run/systemd/journal/streams/.#9:77279rW8DKY
ASCII text
dropped
/run/systemd/journal/streams/.#9:77281dKkVj1
ASCII text
dropped
/run/systemd/journal/streams/.#9:77313lTXDsZ
ASCII text
dropped
/run/systemd/journal/streams/.#9:77318Ntn5G1
ASCII text
dropped
/run/systemd/journal/streams/.#9:78530WYHCsW
ASCII text
dropped
/run/systemd/journal/streams/.#9:78659QmgUCT
ASCII text
dropped
/run/systemd/journal/streams/.#9:79001nJ1kDW
ASCII text
dropped
/run/systemd/journal/streams/.#9:79003S5LcwW
ASCII text
dropped
/run/systemd/journal/streams/.#9:79018ws0pnV
ASCII text
dropped
/run/systemd/journal/streams/.#9:79019lZe3AV
ASCII text
dropped
/run/systemd/journal/streams/.#9:790217VV9sT
ASCII text
dropped
/run/systemd/journal/streams/.#9:79022JfbHJV
ASCII text
dropped
/run/systemd/journal/streams/.#9:79030m6EINU
ASCII text
dropped
/run/systemd/journal/streams/.#9:79564nzFwvb
ASCII text
dropped
/run/systemd/journal/streams/.#9:7956573XpT7
ASCII text
dropped
/run/systemd/journal/streams/.#9:79857UnSIRa
ASCII text
dropped
/run/systemd/journal/streams/.#9:80090sKzz08
ASCII text
dropped
/run/systemd/journal/streams/.#9:80198472PP9
ASCII text
dropped
/run/systemd/journal/streams/.#9:80199VfwKE7
ASCII text
dropped
/run/systemd/journal/streams/.#9:80200qaQNp8
ASCII text
dropped
/run/systemd/journal/streams/.#9:80209AuLRP7
ASCII text
dropped
/run/systemd/journal/streams/.#9:802193mvth7
ASCII text
dropped
/run/systemd/journal/streams/.#9:802203bqbDb
ASCII text
dropped
/run/systemd/journal/streams/.#9:802233Oj4f7
ASCII text
dropped
/run/systemd/journal/streams/.#9:80224CxNR98
ASCII text
dropped
/run/systemd/journal/streams/.#9:80267qBNDd8
ASCII text
dropped
/run/systemd/journal/streams/.#9:80268tMiLn8
ASCII text
dropped
/run/systemd/journal/streams/.#9:80302VjkqN8
ASCII text
dropped
/run/systemd/journal/streams/.#9:8030363hRo8
ASCII text
dropped
/run/systemd/journal/streams/.#9:80839bdrb2m
ASCII text
dropped
/run/systemd/journal/streams/.#9:80840LUNoBq
ASCII text
dropped
/run/systemd/journal/streams/.#9:80855OOJ4Dn
ASCII text
dropped
/run/systemd/journal/streams/.#9:80859HMYFwq
ASCII text
dropped
/run/systemd/journal/streams/.#9:808605vy5in
ASCII text
dropped
/run/systemd/journal/streams/.#9:80862wtapQo
ASCII text
dropped
/run/systemd/journal/streams/.#9:80883sZlfko
ASCII text
dropped
/run/systemd/journal/streams/.#9:827030qQjuG
ASCII text
dropped
/run/systemd/journal/streams/.#9:82718WqsSvI
ASCII text
dropped
/run/systemd/journal/streams/.#9:827193ofILI
ASCII text
dropped
/run/systemd/journal/streams/.#9:827207EgvPE
ASCII text
dropped
/run/systemd/journal/streams/.#9:82727hvCtjG
ASCII text
dropped
/run/systemd/journal/streams/.#9:82728h0VebH
ASCII text
dropped
/run/systemd/journal/streams/.#9:83247c0XgpF
ASCII text
dropped
/run/systemd/journal/streams/.#9:83253FjLj8H
ASCII text
dropped
/run/systemd/journal/streams/.#9:83261ZcxUvF
ASCII text
dropped
/run/systemd/journal/streams/.#9:83262gCngnG
ASCII text
dropped
/run/systemd/journal/streams/.#9:83266nuezcG
ASCII text
dropped
/run/systemd/journal/streams/.#9:83267NgGHuF
ASCII text
dropped
/run/systemd/journal/streams/.#9:83278jQCkRE
ASCII text
dropped
/run/systemd/journal/streams/.#9:83282jOZ5RF
ASCII text
dropped
/run/systemd/journal/streams/.#9:83283Xq186I
ASCII text
dropped
/run/systemd/journal/streams/.#9:83285dCfHGG
ASCII text
dropped
/run/systemd/journal/streams/.#9:83286ahPRoI
ASCII text
dropped
/run/systemd/seats/.#seat0HzP17k
ASCII text
dropped
/run/systemd/seats/.#seat0K16fYl
ASCII text
dropped
/run/systemd/seats/.#seat0M9T2qZ
ASCII text
dropped
/run/systemd/seats/.#seat0YpYzkE
ASCII text
dropped
/run/systemd/seats/.#seat0i6qGpk
ASCII text
dropped
/run/systemd/seats/.#seat0xn76yi
ASCII text
dropped
/run/systemd/seats/.#seat0zs0y8u
ASCII text
dropped
/run/systemd/users/.#1279ZRaxm
ASCII text
dropped
/run/systemd/users/.#127LT7oLo
ASCII text
dropped
/run/systemd/users/.#127NKcwVk
ASCII text
dropped
/run/systemd/users/.#127TdX6Hj
ASCII text
dropped
/run/systemd/users/.#127TeLMik
ASCII text
dropped
/run/systemd/users/.#127Z4vyKh
ASCII text
dropped
/run/systemd/users/.#127pU3buh
ASCII text
dropped
/run/systemd/users/.#127qAetKk
ASCII text
dropped
/run/user/1000/pulse/pid
ASCII text
dropped
/run/utmp
data
dropped
/sys/fs/cgroup/systemd/user.slice/user-127.slice/user@127.service/dbus.socket/cgroup.procs
ASCII text
dropped
/sys/fs/cgroup/systemd/user.slice/user-127.slice/user@127.service/init.scope/cgroup.procs
ASCII text
dropped
/sys/fs/cgroup/systemd/user.slice/user-127.slice/user@127.service/pulseaudio.service/cgroup.procs
ASCII text
dropped
/sys/fs/cgroup/unified/user.slice/user-127.slice/user@127.service/dbus.socket/cgroup.procs
ASCII text
dropped
/sys/fs/cgroup/unified/user.slice/user-127.slice/user@127.service/init.scope/cgroup.procs
ASCII text
dropped
/sys/fs/cgroup/unified/user.slice/user-127.slice/user@127.service/pulseaudio.service/cgroup.procs
ASCII text
dropped
/tmp/qemu-open.kCThj6 (deleted)
ASCII text
dropped
/var/crash/_usr_bin_light-locker.1000.uploaded
ASCII text
dropped
/var/lib/AccountsService/users/gdm.GDQ4M1
ASCII text
dropped
/var/lib/AccountsService/users/gdm.P6TUM1
ASCII text
dropped
/var/lib/ubuntu-drivers-common/last_gfx_boot
ASCII text
dropped
/var/lib/whoopsie/whoopsie-id.DVSVM1
ASCII text, with no line terminators
dropped
/var/lib/whoopsie/whoopsie-id.E7YEN1
ASCII text, with no line terminators
dropped
/var/lib/whoopsie/whoopsie-id.ISY8M1
ASCII text, with no line terminators
dropped
/var/lib/whoopsie/whoopsie-id.LMZBN1
ASCII text, with no line terminators
dropped
/var/lib/whoopsie/whoopsie-id.Z7OTM1
ASCII text, with no line terminators
dropped
/var/log/auth.log
ASCII text
dropped
/var/log/gpu-manager.log
ASCII text
dropped
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal
data
dropped
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal
data
dropped
/var/log/kern.log
ASCII text
dropped
/var/log/syslog
ASCII text
dropped

Processes

Path
Cmdline
Malicious
/tmp/6gIL6GLh9R
/tmp/6gIL6GLh9R
/tmp/6gIL6GLh9R
n/a
/tmp/6gIL6GLh9R
n/a
/tmp/6gIL6GLh9R
n/a
/tmp/6gIL6GLh9R
n/a
/tmp/6gIL6GLh9R
n/a
/usr/lib/systemd/systemd
n/a
/usr/bin/journalctl
/usr/bin/journalctl --smart-relinquish-var
/usr/lib/systemd/systemd
n/a
/lib/systemd/systemd-journald
/lib/systemd/systemd-journald
/usr/lib/systemd/systemd
n/a
/usr/bin/journalctl
/usr/bin/journalctl --flush
/usr/lib/systemd/systemd
n/a
/usr/bin/whoopsie
/usr/bin/whoopsie -f
/usr/lib/systemd/systemd
n/a
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
n/a
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
/usr/lib/systemd/systemd
n/a
/usr/libexec/rtkit-daemon
/usr/libexec/rtkit-daemon
/usr/lib/systemd/systemd
n/a
/lib/systemd/systemd-logind
/lib/systemd/systemd-logind
/usr/lib/systemd/systemd
n/a
/usr/lib/policykit-1/polkitd
/usr/lib/policykit-1/polkitd --no-debug
/usr/lib/systemd/systemd
n/a
/sbin/agetty
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
/usr/lib/systemd/systemd
n/a
/usr/sbin/rsyslogd
/usr/sbin/rsyslogd -n -iNONE
/usr/sbin/gdm3
n/a
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/lib/systemd/systemd-udevd
n/a
/etc/console-setup/cached_setup_terminal.sh
/etc/console-setup/cached_setup_terminal.sh vcs2
/usr/sbin/gdm3
n/a
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/sbin/gdm3
n/a
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/lib/systemd/systemd
n/a
/usr/bin/gpu-manager
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/lib/systemd/systemd
n/a
/usr/share/gdm/generate-config
/usr/share/gdm/generate-config
/usr/share/gdm/generate-config
n/a
/usr/bin/pkill
pkill --signal HUP --uid gdm dconf-service
/usr/lib/systemd/systemd
n/a
/usr/lib/gdm3/gdm-wait-for-drm
/usr/lib/gdm3/gdm-wait-for-drm
/usr/lib/systemd/systemd
n/a
/usr/sbin/gdm3
/usr/sbin/gdm3
/usr/sbin/gdm3
n/a
/usr/bin/plymouth
plymouth --ping
/usr/sbin/gdm3
n/a
/usr/lib/gdm3/gdm-session-worker
"gdm-session-worker [pam/gdm-launch-environment]"
/usr/lib/gdm3/gdm-session-worker
n/a
/usr/lib/gdm3/gdm-wayland-session
/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
/usr/lib/gdm3/gdm-wayland-session
n/a
/usr/bin/dbus-daemon
dbus-daemon --print-address 3 --session
/usr/bin/dbus-daemon
n/a
/usr/bin/dbus-daemon
n/a
/bin/false
/bin/false
/usr/lib/gdm3/gdm-wayland-session
n/a
/usr/bin/dbus-run-session
dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
/usr/bin/dbus-run-session
n/a
/usr/bin/dbus-daemon
dbus-daemon --nofork --print-address 4 --session
/usr/sbin/gdm3
n/a
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/sbin/gdm3
n/a
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/lib/systemd/systemd
n/a
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
n/a
/usr/share/language-tools/language-validate
/usr/share/language-tools/language-validate en_US.UTF-8
/usr/share/language-tools/language-validate
n/a
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
n/a
/bin/sh
sh -c "locale -a | grep -F .utf8 "
/bin/sh
n/a
/usr/bin/locale
locale -a
/bin/sh
n/a
/usr/bin/grep
grep -F .utf8
/usr/libexec/gvfsd-fuse
n/a
/bin/fusermount
fusermount -u -q -z -- /run/user/1000/gvfs
/usr/lib/systemd/systemd
n/a
/usr/bin/journalctl
/usr/bin/journalctl --smart-relinquish-var
/usr/lib/systemd/systemd
n/a
/lib/systemd/systemd-journald
/lib/systemd/systemd-journald
/usr/lib/systemd/systemd
n/a
/usr/bin/whoopsie
/usr/bin/whoopsie -f
/usr/lib/systemd/systemd
n/a
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
n/a
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
/usr/lib/systemd/systemd
n/a
/lib/systemd/systemd-logind
/lib/systemd/systemd-logind
/usr/lib/systemd/systemd
n/a
/usr/libexec/rtkit-daemon
/usr/libexec/rtkit-daemon
/usr/lib/systemd/systemd
n/a
/usr/bin/gpu-manager
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/lib/systemd/systemd
n/a
/usr/lib/policykit-1/polkitd
/usr/lib/policykit-1/polkitd --no-debug
/usr/lib/systemd/systemd
n/a
/usr/bin/journalctl
/usr/bin/journalctl --flush
/usr/lib/systemd/systemd
n/a
/sbin/agetty
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
/usr/lib/systemd/systemd
n/a
/usr/sbin/rsyslogd
/usr/sbin/rsyslogd -n -iNONE
/usr/lib/systemd/systemd
n/a
/usr/share/gdm/generate-config
/usr/share/gdm/generate-config
/usr/share/gdm/generate-config
n/a
/usr/bin/pkill
pkill --signal HUP --uid gdm dconf-service
/usr/lib/systemd/systemd
n/a
/usr/bin/journalctl
/usr/bin/journalctl --smart-relinquish-var
/usr/lib/systemd/systemd
n/a
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
n/a
/lib/systemd/systemd-journald
/lib/systemd/systemd-journald
/usr/lib/systemd/systemd
n/a
/usr/lib/gdm3/gdm-wait-for-drm
/usr/lib/gdm3/gdm-wait-for-drm
/usr/lib/systemd/systemd
n/a
/usr/bin/whoopsie
/usr/bin/whoopsie -f
/usr/lib/systemd/systemd
n/a
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
n/a
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
/usr/lib/systemd/systemd
n/a
/usr/bin/journalctl
/usr/bin/journalctl --flush
/usr/lib/systemd/systemd
n/a
/lib/systemd/systemd-logind
/lib/systemd/systemd-logind
/usr/lib/systemd/systemd
n/a
/usr/libexec/rtkit-daemon
/usr/libexec/rtkit-daemon
/usr/lib/systemd/systemd
n/a
/usr/lib/policykit-1/polkitd
/usr/lib/policykit-1/polkitd --no-debug
/usr/lib/systemd/systemd
n/a
/sbin/agetty
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
/usr/lib/systemd/systemd
n/a
/usr/sbin/rsyslogd
/usr/sbin/rsyslogd -n -iNONE
/usr/lib/systemd/systemd
n/a
/usr/sbin/gdm3
/usr/sbin/gdm3
/usr/sbin/gdm3
n/a
/usr/bin/plymouth
plymouth --ping
/usr/sbin/gdm3
n/a
/usr/lib/gdm3/gdm-session-worker
"gdm-session-worker [pam/gdm-launch-environment]"
/usr/lib/gdm3/gdm-session-worker
n/a
/usr/lib/gdm3/gdm-wayland-session
/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
/usr/lib/gdm3/gdm-wayland-session
n/a
/usr/bin/dbus-daemon
dbus-daemon --print-address 3 --session
/usr/bin/dbus-daemon
n/a
/usr/bin/dbus-daemon
n/a
/bin/false
/bin/false
/usr/lib/gdm3/gdm-wayland-session
n/a
/usr/bin/dbus-run-session
dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
/usr/sbin/gdm3
n/a
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/sbin/gdm3
n/a
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/lib/systemd/systemd
n/a
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
n/a
/usr/share/language-tools/language-validate
/usr/share/language-tools/language-validate en_US.UTF-8
/usr/share/language-tools/language-validate
n/a
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
n/a
/bin/sh
sh -c "locale -a | grep -F .utf8 "
/bin/sh
n/a
/usr/bin/locale
locale -a
/bin/sh
n/a
/usr/bin/grep
grep -F .utf8
/usr/lib/systemd/systemd
n/a
/usr/bin/journalctl
/usr/bin/journalctl --smart-relinquish-var
/usr/lib/systemd/systemd
n/a
/lib/systemd/systemd-journald
/lib/systemd/systemd-journald
/usr/lib/systemd/systemd
n/a
/lib/systemd/systemd
/lib/systemd/systemd --user
/lib/systemd/systemd
n/a
/lib/systemd/systemd
n/a
/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
/lib/systemd/systemd
n/a
/bin/systemctl
/bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/127/bus
/lib/systemd/systemd
n/a
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
/usr/lib/systemd/systemd
n/a
/usr/bin/whoopsie
/usr/bin/whoopsie -f
/usr/lib/systemd/systemd
n/a
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
n/a
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
/usr/lib/systemd/systemd
n/a
/lib/systemd/systemd-logind
/lib/systemd/systemd-logind
/usr/lib/systemd/systemd
n/a
/usr/libexec/rtkit-daemon
/usr/libexec/rtkit-daemon
/usr/lib/systemd/systemd
n/a
/usr/lib/policykit-1/polkitd
/usr/lib/policykit-1/polkitd --no-debug
/usr/lib/systemd/systemd
n/a
/usr/bin/gpu-manager
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
n/a
/bin/sh
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
n/a
/usr/bin/grep
grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/lib/systemd/systemd
n/a
/sbin/agetty
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
/usr/lib/systemd/systemd
n/a
/usr/sbin/rsyslogd
/usr/sbin/rsyslogd -n -iNONE
/usr/lib/systemd/systemd
n/a
/usr/bin/journalctl
/usr/bin/journalctl --flush
/usr/lib/systemd/systemd
n/a
/usr/bin/journalctl
/usr/bin/journalctl --smart-relinquish-var
/usr/lib/systemd/systemd
n/a
/lib/systemd/systemd-journald
/lib/systemd/systemd-journald
/usr/lib/systemd/systemd
n/a
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
n/a
/usr/share/gdm/generate-config
/usr/share/gdm/generate-config
/usr/share/gdm/generate-config
n/a
/usr/bin/pkill
pkill --signal HUP --uid gdm dconf-service
/usr/lib/systemd/systemd
n/a
/usr/bin/whoopsie
/usr/bin/whoopsie -f
/usr/lib/systemd/systemd
n/a
/usr/lib/gdm3/gdm-wait-for-drm
/usr/lib/gdm3/gdm-wait-for-drm
/usr/lib/systemd/systemd
n/a
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
n/a
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
/usr/lib/systemd/systemd
n/a
/lib/systemd/systemd-logind
/lib/systemd/systemd-logind
/usr/lib/systemd/systemd
n/a
/usr/libexec/rtkit-daemon
/usr/libexec/rtkit-daemon
/usr/lib/systemd/systemd
n/a
/usr/bin/journalctl
/usr/bin/journalctl --flush
/usr/lib/systemd/systemd
n/a
/usr/lib/policykit-1/polkitd
/usr/lib/policykit-1/polkitd --no-debug
/usr/lib/systemd/systemd
n/a
/sbin/agetty
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
/usr/lib/systemd/systemd
n/a
/usr/sbin/rsyslogd
/usr/sbin/rsyslogd -n -iNONE
/usr/lib/systemd/systemd
n/a
/usr/bin/journalctl
/usr/bin/journalctl --smart-relinquish-var
/usr/lib/systemd/systemd
n/a
/lib/systemd/systemd-journald
/lib/systemd/systemd-journald
/usr/lib/systemd/systemd
n/a
/usr/sbin/gdm3
/usr/sbin/gdm3
/usr/sbin/gdm3
n/a
/usr/bin/plymouth
plymouth --ping
/usr/sbin/gdm3
n/a
/usr/lib/gdm3/gdm-session-worker
"gdm-session-worker [pam/gdm-launch-environment]"
/usr/lib/systemd/systemd
n/a
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
n/a
/usr/share/language-tools/language-validate
/usr/share/language-tools/language-validate en_US.UTF-8
/usr/share/language-tools/language-validate
n/a
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
n/a
/bin/sh
sh -c "locale -a | grep -F .utf8 "
/bin/sh
n/a
/usr/bin/locale
locale -a
/bin/sh
n/a
/usr/bin/grep
grep -F .utf8
/usr/lib/systemd/systemd
n/a
/usr/bin/whoopsie
/usr/bin/whoopsie -f

URLs

Name
IP
Malicious
https://www.rsyslog.com
unknown

Domains

Name
IP
Malicious
daisy.ubuntu.com
185.125.188.137

IPs

IP
Domain
Country
Malicious