Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
131350528.pdf
|
PDF document, version 1.7 (zip deflate encoded)
|
initial sample
|
||
|
/home/saturnino/.cache/dconf/user
|
very short file (no magic)
|
dropped
|
||
|
/home/saturnino/.local/share/recently-used.xbel.JJN4X2
|
XML 1.0 document, ASCII text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/usr/bin/exo-open
|
exo-open /tmp/131350528.pdf
|
||
|
/usr/bin/exo-open
|
-
|
||
|
/usr/bin/dbus-launch
|
dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr
|
||
|
/usr/bin/exo-open
|
-
|
||
|
/usr/bin/exo-open
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh evince /tmp/131350528.pdf
|
||
|
/usr/bin/evince
|
evince /tmp/131350528.pdf
|
||
|
/usr/bin/evince
|
-
|
||
|
/usr/bin/dbus-launch
|
dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.XDXaw8psax /tmp/tmp.RIRhJt6zeB /tmp/tmp.qSXKvcdNkz
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.XDXaw8psax /tmp/tmp.RIRhJt6zeB /tmp/tmp.qSXKvcdNkz
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.freedesktop.org/standards/desktop-bookmarks
|
unknown
|
||
|
http://www.freedesktop.org/standards/shared-mime-info
|
unknown
|
||
|
http://freedesktop.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
54.171.230.55
|
unknown
|
United States
|
||
|
109.202.202.202
|
unknown
|
Switzerland
|
||
|
91.189.91.43
|
unknown
|
United Kingdom
|
||
|
91.189.91.42
|
unknown
|
United Kingdom
|