Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
na.elf
|
ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped
|
initial sample
|
 |
|
|
/run/user/127/dconf/user
|
very short file (no magic)
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/na.elf
|
/tmp/na.elf
|
||
|
/tmp/na.elf
|
-
|
||
|
/tmp/na.elf
|
-
|
||
|
/tmp/na.elf
|
-
|
||
|
/tmp/na.elf
|
-
|
||
|
/tmp/na.elf
|
-
|
||
|
/tmp/na.elf
|
-
|
||
|
/tmp/na.elf
|
-
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
|
||
|
/usr/bin/gnome-shell
|
/usr/bin/gnome-shell
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
|
||
|
/usr/libexec/gsd-sharing
|
/usr/libexec/gsd-sharing
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-user-runtime-dir
|
/lib/systemd/systemd-user-runtime-dir stop 127
|
There are 10 hidden processes, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7f59dc013000
|
page execute read
|
|
||
|
7f59dc013000
|
page execute read
|
|
||
|
7f59dc013000
|
page execute read
|
|
||
|
7f59dc013000
|
page execute read
|
|
||
|
7f5ad2546000
|
page read and write
|
|||
|
56046d44b000
|
page execute read
|
|||
|
7f5ad29df000
|
page read and write
|
|||
|
7f5ad1ef5000
|
page read and write
|
|||
|
7f5ad16e4000
|
page read and write
|
|||
|
56046f6d4000
|
page execute and read and write
|
|||
|
56046d6ce000
|
page read and write
|
|||
|
7ffc67673000
|
page read and write
|
|||
|
56046f6d4000
|
page execute and read and write
|
|||
|
7f59dc023000
|
page read and write
|
|||
|
56046f6ea000
|
page read and write
|
|||
|
7f59dc023000
|
page read and write
|
|||
|
7ffc6775a000
|
page execute read
|
|||
|
7f5ad29df000
|
page read and write
|
|||
|
7f5ad1ee7000
|
page read and write
|
|||
|
7f5ad2184000
|
page read and write
|
|||
|
7f5ad29df000
|
page read and write
|
|||
|
56046f6d4000
|
page execute and read and write
|
|||
|
5604713f0000
|
page read and write
|
|||
|
7ffc67673000
|
page read and write
|
|||
|
7f59dc049000
|
page read and write
|
|||
|
7f59dc027000
|
page read and write
|
|||
|
56046d44b000
|
page execute read
|
|||
|
7f5acc000000
|
page read and write
|
|||
|
7f5ad1ef5000
|
page read and write
|
|||
|
56046d6d6000
|
page read and write
|
|||
|
7f5ad29df000
|
page read and write
|
|||
|
7f5ad256b000
|
page read and write
|
|||
|
7ffc67673000
|
page read and write
|
|||
|
7f5ad2a2c000
|
page read and write
|
|||
|
7f5ad1ee7000
|
page read and write
|
|||
|
7f5ad29e7000
|
page read and write
|
|||
|
7f5ad28b6000
|
page read and write
|
|||
|
56046d6ce000
|
page read and write
|
|||
|
5604713f0000
|
page read and write
|
|||
|
7f59dc027000
|
page read and write
|
|||
|
7f5ad1ee7000
|
page read and write
|
|||
|
7f5ad1ef5000
|
page read and write
|
|||
|
7f5acc021000
|
page read and write
|
|||
|
7ffc6775a000
|
page execute read
|
|||
|
7f5ad29e7000
|
page read and write
|
|||
|
7f5ad28b6000
|
page read and write
|
|||
|
7f5acc000000
|
page read and write
|
|||
|
7f5acc021000
|
page read and write
|
|||
|
56046d6d6000
|
page read and write
|
|||
|
56046d44b000
|
page execute read
|
|||
|
7f5ad2184000
|
page read and write
|
|||
|
56046d6d6000
|
page read and write
|
|||
|
7f5acc021000
|
page read and write
|
|||
|
7f5ad29e7000
|
page read and write
|
|||
|
56046d6ce000
|
page read and write
|
|||
|
7f5ad1ee7000
|
page read and write
|
|||
|
7f5ad2546000
|
page read and write
|
|||
|
7ffc6775a000
|
page execute read
|
|||
|
7f5ad16e4000
|
page read and write
|
|||
|
56046f6ea000
|
page read and write
|
|||
|
7f5ad2a2c000
|
page read and write
|
|||
|
7f5ad256b000
|
page read and write
|
|||
|
7f5ad2184000
|
page read and write
|
|||
|
7f5ad256b000
|
page read and write
|
|||
|
7f5ad2a2c000
|
page read and write
|
|||
|
7f5acc000000
|
page read and write
|
|||
|
7f5acc000000
|
page read and write
|
|||
|
56046f6d4000
|
page execute and read and write
|
|||
|
5604713f0000
|
page read and write
|
|||
|
7f5ad16e4000
|
page read and write
|
|||
|
7f5ad1ef5000
|
page read and write
|
|||
|
7ffc6775a000
|
page execute read
|
|||
|
7f5ad16e4000
|
page read and write
|
|||
|
7f5acc021000
|
page read and write
|
|||
|
56046d6ce000
|
page read and write
|
|||
|
7f5ad29e7000
|
page read and write
|
|||
|
7f59dc027000
|
page read and write
|
|||
|
7f59dc038000
|
page read and write
|
|||
|
5604713f0000
|
page read and write
|
|||
|
7f59dc023000
|
page read and write
|
|||
|
7f5ad256b000
|
page read and write
|
|||
|
7f5ad2a2c000
|
page read and write
|
|||
|
56046f6ea000
|
page read and write
|
|||
|
7f59dc023000
|
page read and write
|
|||
|
56046f6ea000
|
page read and write
|
|||
|
7f5ad2184000
|
page read and write
|
|||
|
7f5ad28b6000
|
page read and write
|
|||
|
56046d6d6000
|
page read and write
|
|||
|
56046d44b000
|
page execute read
|
|||
|
7ffc67673000
|
page read and write
|
|||
|
7f5ad28b6000
|
page read and write
|
|||
|
7f59dc027000
|
page read and write
|
|||
|
7f5ad2546000
|
page read and write
|
|||
|
7f5ad2546000
|
page read and write
|
There are 84 hidden memdumps, click here to show them.