IOC Report
dvwkja7.elf

loading gif

Files

File Path
Type
Category
Malicious
dvwkja7.elf
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
initial sample
malicious
/var/log/wtmp
data
dropped
malicious
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
ASCII text
dropped
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
ASCII text
dropped
/proc/6633/oom_score_adj
very short file (no magic)
dropped
/run/gdm3.pid
ASCII text
dropped
/run/systemd/journal/streams/.#9:77865LhwEKa
ASCII text
dropped
/run/systemd/journal/streams/.#9:77872iIrsyb
ASCII text
dropped
/run/systemd/journal/streams/.#9:77873Pyizca
ASCII text
dropped
/run/systemd/journal/streams/.#9:77880Yn6fDa
ASCII text
dropped
/run/systemd/journal/streams/.#9:77890Qjcto9
ASCII text
dropped
/run/systemd/journal/streams/.#9:77891Mb2H59
ASCII text
dropped
/run/systemd/journal/streams/.#9:77892orfBy8
ASCII text
dropped
/run/systemd/journal/streams/.#9:778930HzeY7
ASCII text
dropped
/run/systemd/journal/streams/.#9:77894S6h3A9
ASCII text
dropped
/run/systemd/journal/streams/.#9:77895PP6RO9
ASCII text
dropped
/run/systemd/journal/streams/.#9:77896YczAT7
ASCII text
dropped
/run/systemd/journal/streams/.#9:77897WmmhYb
ASCII text
dropped
/run/systemd/journal/streams/.#9:77898HIKwga
ASCII text
dropped
/run/systemd/journal/streams/.#9:78041UAXZF8
ASCII text
dropped
/run/systemd/journal/streams/.#9:7887548Cq2S
ASCII text
dropped
/run/systemd/journal/streams/.#9:790589ydU3Q
ASCII text
dropped
/run/systemd/journal/streams/.#9:79512rcJM0b
ASCII text
dropped
/run/systemd/journal/streams/.#9:79513T3ordb
ASCII text
dropped
/run/systemd/journal/streams/.#9:79514UoKRY8
ASCII text
dropped
/run/systemd/journal/streams/.#9:79516HUEcE9
ASCII text
dropped
/run/systemd/journal/streams/.#9:79517iG06ua
ASCII text
dropped
/run/systemd/journal/streams/.#9:79518jy7xQ9
ASCII text
dropped
/run/systemd/journal/streams/.#9:79520sFWRmd
ASCII text
dropped
/run/systemd/journal/streams/.#9:79521Bumi38
ASCII text
dropped
/run/systemd/journal/streams/.#9:795222Nimcd
ASCII text
dropped
/run/systemd/journal/streams/.#9:79532lBUin9
ASCII text
dropped
/run/systemd/journal/streams/.#9:795406LKmha
ASCII text
dropped
/run/systemd/journal/streams/.#9:7963600Jm8c
ASCII text
dropped
/run/systemd/journal/streams/.#9:79784lPJ2Sb
ASCII text
dropped
/run/systemd/journal/streams/.#9:80280EP4Xjb
ASCII text
dropped
/run/systemd/journal/streams/.#9:80291Upb7Uc
ASCII text
dropped
/run/systemd/journal/streams/.#9:80898FKyv5b
ASCII text
dropped
/run/systemd/journal/streams/.#9:80934GmRD59
ASCII text
dropped
/run/systemd/journal/streams/.#9:80980KYltt9
ASCII text
dropped
/run/systemd/journal/streams/.#9:80982Uhe879
ASCII text
dropped
/run/systemd/journal/streams/.#9:81037jIR9qa
ASCII text
dropped
/run/systemd/journal/streams/.#9:81038REx0Zc
ASCII text
dropped
/run/systemd/journal/streams/.#9:81424FAynxc
ASCII text
dropped
/run/systemd/seats/.#seat01WDXxq
ASCII text
dropped
/run/systemd/seats/.#seat0Bhq3TR
ASCII text
dropped
/run/systemd/seats/.#seat0TFFL0r
ASCII text
dropped
/run/systemd/seats/.#seat0qHtYrr
ASCII text
dropped
/run/systemd/users/.#12730PBaq
ASCII text
dropped
/run/systemd/users/.#1277tLzQr
ASCII text
dropped
/run/systemd/users/.#127BWrB7s
ASCII text
dropped
/run/systemd/users/.#127MJwgdr
ASCII text
dropped
/run/systemd/users/.#127Q6OfWt
ASCII text
dropped
/run/systemd/users/.#127ojd45q
ASCII text
dropped
/run/user/1000/pulse/pid
ASCII text
dropped
/run/utmp
data
dropped
/tmp/qemu-open.U4iWJK (deleted)
data
dropped
/var/lib/AccountsService/users/gdm.8V7ZW2
ASCII text
dropped
/var/lib/ubuntu-drivers-common/last_gfx_boot
ASCII text
dropped
/var/log/auth.log
ASCII text
dropped
/var/log/gpu-manager.log
ASCII text
dropped
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal
data
dropped
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal
data
dropped
/var/log/kern.log
ASCII text
dropped
/var/log/syslog
ASCII text, with very long lines (317)
dropped
There are 55 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
/tmp/dvwkja7.elf
/tmp/dvwkja7.elf
/tmp/dvwkja7.elf
-
/tmp/dvwkja7.elf
-
/tmp/dvwkja7.elf
-
/bin/sh
sh -c "ps -e -o pid,args="
/bin/sh
-
/usr/bin/ps
ps -e -o pid,args=
/tmp/dvwkja7.elf
-
/bin/sh
sh -c "ps -e -o pid,args="
/bin/sh
-
/usr/bin/ps
ps -e -o pid,args=
/tmp/dvwkja7.elf
-
/bin/sh
sh -c "ps -e -o pid,args="
/bin/sh
-
/usr/bin/ps
ps -e -o pid,args=
/usr/lib/systemd/systemd
-
/usr/bin/journalctl
/usr/bin/journalctl --smart-relinquish-var
/usr/lib/systemd/systemd
-
/lib/systemd/systemd-journald
/lib/systemd/systemd-journald
/usr/lib/systemd/systemd
-
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
-
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
/usr/lib/systemd/systemd
-
/usr/sbin/rsyslogd
/usr/sbin/rsyslogd -n -iNONE
/usr/libexec/gvfsd-fuse
-
/bin/fusermount
fusermount -u -q -z -- /run/user/1000/gvfs
/usr/lib/systemd/systemd
-
/lib/systemd/systemd-logind
/lib/systemd/systemd-logind
/usr/lib/systemd/systemd
-
/usr/libexec/rtkit-daemon
/usr/libexec/rtkit-daemon
/usr/lib/systemd/systemd
-
/usr/lib/policykit-1/polkitd
/usr/lib/policykit-1/polkitd --no-debug
/usr/sbin/gdm3
-
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/sbin/gdm3
-
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/sbin/gdm3
-
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/lib/systemd/systemd
-
/sbin/agetty
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
/usr/lib/systemd/systemd
-
/usr/bin/gpu-manager
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/lib/systemd/systemd
-
/usr/bin/journalctl
/usr/bin/journalctl --flush
/usr/lib/systemd/systemd
-
/usr/share/gdm/generate-config
/usr/share/gdm/generate-config
/usr/share/gdm/generate-config
-
/usr/bin/pkill
pkill --signal HUP --uid gdm dconf-service
/usr/lib/systemd/systemd
-
/usr/lib/gdm3/gdm-wait-for-drm
/usr/lib/gdm3/gdm-wait-for-drm
/usr/lib/systemd/systemd
-
/usr/bin/journalctl
/usr/bin/journalctl --smart-relinquish-var
/usr/lib/systemd/systemd
-
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
-
/sbin/agetty
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
/usr/lib/systemd/systemd
-
/lib/systemd/systemd-logind
/lib/systemd/systemd-logind
/usr/lib/systemd/systemd
-
/usr/sbin/rsyslogd
/usr/sbin/rsyslogd -n -iNONE
/usr/lib/systemd/systemd
-
/lib/systemd/systemd-journald
/lib/systemd/systemd-journald
/usr/lib/systemd/systemd
-
/usr/sbin/gdm3
/usr/sbin/gdm3
/usr/sbin/gdm3
-
/usr/bin/plymouth
plymouth --ping
/usr/lib/systemd/systemd
-
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
-
/usr/share/language-tools/language-validate
/usr/share/language-tools/language-validate en_US.UTF-8
/usr/share/language-tools/language-validate
-
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
-
/bin/sh
sh -c "locale -a | grep -F .utf8 "
/bin/sh
-
/usr/bin/locale
locale -a
/bin/sh
-
/usr/bin/grep
grep -F .utf8
/usr/lib/systemd/systemd
-
/usr/bin/journalctl
/usr/bin/journalctl --flush
/usr/lib/systemd/systemd
-
/sbin/agetty
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
/usr/lib/systemd/systemd
-
/lib/systemd/systemd-logind
/lib/systemd/systemd-logind
/usr/lib/systemd/systemd
-
/lib/systemd/systemd-journald
/lib/systemd/systemd-journald
/usr/lib/systemd/systemd
-
/usr/sbin/rsyslogd
/usr/sbin/rsyslogd -n -iNONE
/usr/lib/systemd/systemd
-
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
-
/usr/bin/gpu-manager
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/lib/systemd/systemd
-
/usr/share/gdm/generate-config
/usr/share/gdm/generate-config
/usr/share/gdm/generate-config
-
/usr/bin/pkill
pkill --signal HUP --uid gdm dconf-service
/usr/lib/systemd/systemd
-
/usr/lib/gdm3/gdm-wait-for-drm
/usr/lib/gdm3/gdm-wait-for-drm
/usr/lib/systemd/systemd
-
/usr/sbin/gdm3
/usr/sbin/gdm3
/usr/sbin/gdm3
-
/usr/bin/plymouth
plymouth --ping
/usr/sbin/gdm3
-
/usr/lib/gdm3/gdm-session-worker
"gdm-session-worker [pam/gdm-launch-environment]"
/usr/lib/gdm3/gdm-session-worker
-
/usr/lib/gdm3/gdm-wayland-session
/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
/usr/lib/gdm3/gdm-wayland-session
-
/usr/bin/dbus-daemon
dbus-daemon --print-address 3 --session
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/lib/gdm3/gdm-wayland-session
-
/usr/bin/dbus-run-session
dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
/usr/bin/dbus-run-session
-
/usr/bin/dbus-daemon
dbus-daemon --nofork --print-address 4 --session
/usr/sbin/gdm3
-
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/sbin/gdm3
-
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/lib/systemd/systemd
-
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
-
/usr/share/language-tools/language-validate
/usr/share/language-tools/language-validate en_US.UTF-8
/usr/share/language-tools/language-validate
-
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
-
/bin/sh
sh -c "locale -a | grep -F .utf8 "
/bin/sh
-
/usr/bin/locale
locale -a
/bin/sh
-
/usr/bin/grep
grep -F .utf8
/usr/lib/systemd/systemd
-
/usr/lib/policykit-1/polkitd
/usr/lib/policykit-1/polkitd --no-debug
/usr/lib/systemd/systemd
-
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
-
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
/usr/lib/systemd/systemd
-
/usr/libexec/rtkit-daemon
/usr/libexec/rtkit-daemon
There are 194 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://www.rsyslog.com
unknown
https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e
162.213.35.25

Domains

Name
IP
Malicious
daisy.ubuntu.com
162.213.35.24
ksdjwi.eye-network.ru
154.216.16.109
ksdjwi.eye-network.ru. [malformed]
unknown

IPs

IP
Domain
Country
Malicious
162.213.35.25
unknown
United States
154.216.16.109
ksdjwi.eye-network.ru
Seychelles
89.190.156.145
unknown
United Kingdom
109.202.202.202
unknown
Switzerland
91.189.91.43
unknown
United Kingdom
91.189.91.42
unknown
United Kingdom

Memdumps

Base Address
Regiontype
Protect
Malicious
7fefcc038000
page execute read
malicious
7ff0d46dd000
page read and write
7ff0d4fe7000
page read and write
55fcaab45000
page execute read
7ff0d4ad7000
page read and write
7ff0cbfff000
page read and write
55fcae2f7000
page read and write
7ff0d496b000
page read and write
55fcacd9d000
page execute and read and write
55fcaad96000
page read and write
7fefcc041000
page read and write
7ff0d42e9000
page read and write
7ff0d502c000
page read and write
7ff0d3ae1000
page read and write
7fff562e5000
page execute read
7fff56284000
page read and write
7ff0cc021000
page read and write
7fefcc048000
page read and write
55fcacdb4000
page read and write
7ff0d4e9a000
page read and write
7ff0d4cb9000
page read and write
7ff0d4948000
page read and write
7ff0d4fc3000
page read and write
7ff0d437b000
page read and write
55fcaad9f000
page read and write
There are 15 hidden memdumps, click here to show them.