Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C1Dd84tB3n.elf
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
|
initial sample
|
 |
|
|
/run/user/127/dconf/user
|
very short file (no magic)
|
dropped
|
||
|
/tmp/server-0.xkm
|
Compiled XKB Keymap: lsb, version 15
|
dropped
|
||
|
/var/lib/AccountsService/users/gdm.T77PM2
|
ASCII text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/C1Dd84tB3n.elf
|
/tmp/C1Dd84tB3n.elf
|
||
|
/tmp/C1Dd84tB3n.elf
|
-
|
||
|
/tmp/C1Dd84tB3n.elf
|
-
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
|
||
|
/usr/libexec/gsd-wacom
|
/usr/libexec/gsd-wacom
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/upower/upowerd
|
/usr/lib/upower/upowerd
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray
"Notification Area" "Area where notification icons appear"
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
|
||
|
/usr/libexec/gsd-keyboard
|
/usr/libexec/gsd-keyboard
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921
statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9
12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness
of your display"
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
|
||
|
/usr/libexec/gsd-smartcard
|
/usr/libexec/gsd-smartcard
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
|
||
|
/usr/libexec/gsd-sharing
|
/usr/libexec/gsd-sharing
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
|
||
|
/usr/libexec/gsd-rfkill
|
/usr/libexec/gsd-rfkill
|
||
|
/usr/lib/gdm3/gdm-session-worker
|
-
|
||
|
/etc/gdm3/PostSession/Default
|
/etc/gdm3/PostSession/Default
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
|
||
|
/usr/libexec/gsd-media-keys
|
/usr/libexec/gsd-media-keys
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
|
||
|
/usr/libexec/gsd-print-notifications
|
/usr/libexec/gsd-print-notifications
|
||
|
/usr/libexec/gsd-print-notifications
|
-
|
||
|
/usr/libexec/gsd-print-notifications
|
-
|
||
|
/usr/libexec/gsd-printer
|
/usr/libexec/gsd-printer
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
|
||
|
/usr/libexec/gsd-color
|
/usr/libexec/gsd-color
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
|
||
|
/usr/libexec/gsd-screensaver-proxy
|
/usr/libexec/gsd-screensaver-proxy
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
|
||
|
/usr/libexec/gsd-a11y-settings
|
/usr/libexec/gsd-a11y-settings
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
|
||
|
/usr/libexec/gsd-housekeeping
|
/usr/libexec/gsd-housekeeping
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
|
||
|
/usr/libexec/gsd-sound
|
/usr/libexec/gsd-sound
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
|
||
|
/usr/libexec/gsd-power
|
/usr/libexec/gsd-power
|
||
|
/usr/lib/xorg/Xorg
|
-
|
||
|
/bin/sh
|
sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\"
-emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/xkbcomp
|
/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors
from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-hostnamed
|
/lib/systemd/systemd-hostnamed
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-user-runtime-dir
|
/lib/systemd/systemd-user-runtime-dir stop 1000
|
||
|
/usr/bin/dbus-daemon
|
-
|
||
|
/bin/false
|
/bin/false
|
||
|
/usr/lib/xorg/Xorg
|
-
|
||
|
/bin/sh
|
sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\"
-emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/xkbcomp
|
/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors
from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/libexec/colord
|
/usr/libexec/colord
|
||
|
/usr/libexec/colord
|
-
|
||
|
/usr/libexec/colord-sane
|
/usr/libexec/colord-sane
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/accountsservice/accounts-daemon
|
/usr/lib/accountsservice/accounts-daemon
|
||
|
/usr/lib/accountsservice/accounts-daemon
|
-
|
||
|
/usr/share/language-tools/language-validate
|
/usr/share/language-tools/language-validate en_US.UTF-8
|
||
|
/usr/share/language-tools/language-validate
|
-
|
||
|
/usr/share/language-tools/language-options
|
/usr/share/language-tools/language-options
|
||
|
/usr/share/language-tools/language-options
|
-
|
||
|
/bin/sh
|
sh -c "locale -a | grep -F .utf8 "
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/locale
|
locale -a
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/grep
|
grep -F .utf8
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-localed
|
/lib/systemd/systemd-localed
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-user-runtime-dir
|
/lib/systemd/systemd-user-runtime-dir stop 127
|
There are 94 hidden processes, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fdh32fsdfhs.shop
|
185.196.9.5
|
|
|
|
daisy.ubuntu.com
|
162.213.35.25
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.196.9.5
|
fdh32fsdfhs.shop
|
Switzerland
|
|
|
|
185.125.190.26
|
unknown
|
United Kingdom
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7ffff83d3000
|
page read and write
|
|||
|
7ffff83d3000
|
page read and write
|
|||
|
7ffff83ec000
|
page execute read
|
|||
|
50d000
|
page read and write
|
|||
|
50d000
|
page read and write
|
|||
|
7ffff83d3000
|
page read and write
|
|||
|
fbb000
|
page read and write
|
|||
|
40d000
|
page execute read
|
|||
|
7ffff83ec000
|
page execute read
|
|||
|
7ffff83ec000
|
page execute read
|
|||
|
40d000
|
page execute read
|
|||
|
fbb000
|
page read and write
|
|||
|
fbb000
|
page read and write
|
|||
|
50d000
|
page read and write
|
|||
|
510000
|
page read and write
|
|||
|
40d000
|
page execute read
|
|||
|
510000
|
page read and write
|
|||
|
510000
|
page read and write
|
There are 8 hidden memdumps, click here to show them.