Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/W46ssx5gcI.elf
|
/tmp/W46ssx5gcI.elf
|
||
|
/tmp/W46ssx5gcI.elf
|
-
|
||
|
/tmp/W46ssx5gcI.elf
|
-
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
|
||
|
/usr/libexec/gsd-rfkill
|
/usr/libexec/gsd-rfkill
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-hostnamed
|
/lib/systemd/systemd-hostnamed
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cnc.voidnet.click
|
94.156.79.77
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.156.79.77
|
cnc.voidnet.click
|
Bulgaria
|
||
|
89.190.156.145
|
unknown
|
United Kingdom
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
411000
|
page execute read
|
|||
|
fb5000
|
page read and write
|
|||
|
512000
|
page read and write
|
|||
|
7ffd10820000
|
page read and write
|
|||
|
514000
|
page read and write
|
|||
|
7ffd109e1000
|
page execute read
|