IOC Report
k49syyxi7V.elf


Processes

Path | Cmdline | Malicious
/tmp/k49syyxi7V.elf | /tmp/k49syyxi7V.elf |
/tmp/k49syyxi7V.elf | - |
/tmp/k49syyxi7V.elf | - |
/usr/libexec/gnome-session-binary | - |
/bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell |
/usr/bin/gnome-shell | /usr/bin/gnome-shell |
/usr/libexec/gnome-session-binary | - |
/bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing |
/usr/libexec/gsd-sharing | /usr/libexec/gsd-sharing |
/usr/sbin/gdm3 | - |
/etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default |
/usr/sbin/gdm3 | - |
/etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default |
/usr/lib/systemd/systemd | - |
/lib/systemd/systemd-user-runtime-dir | /lib/systemd/systemd-user-runtime-dir stop 127 |

Domains

Name | IP | Malicious
daisy.ubuntu.com | 162.213.35.24 |

IPs

IP | Domain | Country | Malicious
199.59.243.227 | unknown | United States |

Memdumps

Base Address | Regiontype | Protect | Malicious