Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/XHYKEGTtfq.elf
|
/tmp/XHYKEGTtfq.elf
|
||
|
/tmp/XHYKEGTtfq.elf
|
-
|
||
|
/tmp/XHYKEGTtfq.elf
|
-
|
||
|
/tmp/XHYKEGTtfq.elf
|
-
|
||
|
/tmp/XHYKEGTtfq.elf
|
-
|
||
|
/tmp/XHYKEGTtfq.elf
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/journalctl
|
/usr/bin/journalctl --smart-relinquish-var
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/sbin/rsyslogd
|
/usr/sbin/rsyslogd -n -iNONE
|
||
|
/usr/libexec/gvfsd-fuse
|
-
|
||
|
/bin/fusermount
|
fusermount -u -q -z -- /run/user/1000/gvfs
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/pulseaudio
|
/usr/bin/pulseaudio --daemonize=no --log-target=journal
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-journald
|
/lib/systemd/systemd-journald
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/sbin/rsyslogd
|
/usr/sbin/rsyslogd -n -iNONE
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-journald
|
/lib/systemd/systemd-journald
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-journald
|
/lib/systemd/systemd-journald
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/sbin/rsyslogd
|
/usr/sbin/rsyslogd -n -iNONE
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-journald
|
/lib/systemd/systemd-journald
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-journald
|
/lib/systemd/systemd-journald
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/sbin/rsyslogd
|
/usr/sbin/rsyslogd -n -iNONE
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/sbin/rsyslogd
|
/usr/sbin/rsyslogd -n -iNONE
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/gpu-manager
|
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
|
||
|
/usr/bin/gpu-manager
|
-
|
||
|
/bin/sh
|
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/grep
|
grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf
/etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf
/etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf
/etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/share/gdm/generate-config
|
/usr/share/gdm/generate-config
|
||
|
/usr/share/gdm/generate-config
|
-
|
||
|
/usr/bin/pkill
|
pkill --signal HUP --uid gdm dconf-service
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/gpu-manager
|
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/share/gdm/generate-config
|
/usr/share/gdm/generate-config
|
||
|
/usr/share/gdm/generate-config
|
-
|
||
|
/usr/bin/pkill
|
pkill --signal HUP --uid gdm dconf-service
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/gpu-manager
|
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
|
||
|
/usr/bin/gpu-manager
|
-
|
||
|
/bin/sh
|
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/grep
|
grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf
/etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf
/etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf
/etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/share/gdm/generate-config
|
/usr/share/gdm/generate-config
|
||
|
/usr/share/gdm/generate-config
|
-
|
||
|
/usr/bin/pkill
|
pkill --signal HUP --uid gdm dconf-service
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/gpu-manager
|
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/share/gdm/generate-config
|
/usr/share/gdm/generate-config
|
||
|
/usr/share/gdm/generate-config
|
-
|
||
|
/usr/bin/pkill
|
pkill --signal HUP --uid gdm dconf-service
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/gpu-manager
|
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/share/gdm/generate-config
|
/usr/share/gdm/generate-config
|
||
|
/usr/share/gdm/generate-config
|
-
|
||
|
/usr/bin/pkill
|
pkill --signal HUP --uid gdm dconf-service
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/bin/plymouth
|
/bin/plymouth quit
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
There are 80 hidden processes, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
212.70.149.14
|
unknown
|
Bulgaria
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7f7ea3ce4000
|
page read and write
|
|||
|
7f7dac01b000
|
page execute read
|
|||
|
7f7ea47ce000
|
page read and write
|
|||
|
5585d6cc6000
|
page read and write
|
|||
|
7f7e9c000000
|
page read and write
|
|||
|
7f7dac035000
|
page read and write
|
|||
|
7f7ea47d6000
|
page read and write
|
|||
|
7f7ea3f73000
|
page read and write
|
|||
|
7f7ea481b000
|
page read and write
|
|||
|
5585d6a3b000
|
page execute read
|
|||
|
7ffe423ff000
|
page execute read
|
|||
|
5585d6cbe000
|
page read and write
|
|||
|
7f7ea46a5000
|
page read and write
|
|||
|
5585d9e20000
|
page read and write
|
|||
|
7f7e9c000000
|
page read and write
|
|||
|
7ffe423f9000
|
page read and write
|
|||
|
7f7dac035000
|
page read and write
|
|||
|
7f7dac035000
|
page read and write
|
|||
|
5585d6cc6000
|
page read and write
|
|||
|
7f7ea34d3000
|
page read and write
|
|||
|
5585d8cda000
|
page read and write
|
|||
|
7f7ea3f73000
|
page read and write
|
|||
|
7f7ea481b000
|
page read and write
|
|||
|
7ffe423f9000
|
page read and write
|
|||
|
7f7ea47d6000
|
page read and write
|
|||
|
7f7ea47d6000
|
page read and write
|
|||
|
5585d6cbe000
|
page read and write
|
|||
|
7f7ea46a5000
|
page read and write
|
|||
|
7ffe423f9000
|
page read and write
|
|||
|
7f7ea34d3000
|
page read and write
|
|||
|
5585d6cc6000
|
page read and write
|
|||
|
7f7e9c021000
|
page read and write
|
|||
|
7f7ea435a000
|
page read and write
|
|||
|
7f7ea3cd6000
|
page read and write
|
|||
|
5585d6a3b000
|
page execute read
|
|||
|
7f7e9c021000
|
page read and write
|
|||
|
5585d6a3b000
|
page execute read
|
|||
|
7ffe423f9000
|
page read and write
|
|||
|
5585d8cc4000
|
page execute and read and write
|
|||
|
5585d8cc4000
|
page execute and read and write
|
|||
|
7f7ea47ce000
|
page read and write
|
|||
|
7f7ea4335000
|
page read and write
|
|||
|
7f7ea34d3000
|
page read and write
|
|||
|
7ffe423ff000
|
page execute read
|
|||
|
7f7ea3f73000
|
page read and write
|
|||
|
7f7dac01b000
|
page execute read
|
|||
|
7f7dac01b000
|
page execute read
|
|||
|
7f7ea481b000
|
page read and write
|
|||
|
7f7ea46a5000
|
page read and write
|
|||
|
7f7dac01b000
|
page execute read
|
|||
|
5585d9e20000
|
page read and write
|
|||
|
7f7ea3cd6000
|
page read and write
|
|||
|
7f7ea4335000
|
page read and write
|
|||
|
7f7ea3ce4000
|
page read and write
|
|||
|
7f7dac036000
|
page read and write
|
|||
|
7f7dac038000
|
page read and write
|
|||
|
7f7ea435a000
|
page read and write
|
|||
|
7f7e9c021000
|
page read and write
|
|||
|
7f7ea34d3000
|
page read and write
|
|||
|
7f7e9c000000
|
page read and write
|
|||
|
7f7ea435a000
|
page read and write
|
|||
|
5585d6a3b000
|
page execute read
|
|||
|
7f7ea3cd6000
|
page read and write
|
|||
|
7f7ea3ce4000
|
page read and write
|
|||
|
7f7ea4335000
|
page read and write
|
|||
|
7f7ea3ce4000
|
page read and write
|
|||
|
7f7ea435a000
|
page read and write
|
|||
|
5585d9e20000
|
page read and write
|
|||
|
7ffe423ff000
|
page execute read
|
|||
|
7f7ea47ce000
|
page read and write
|
|||
|
5585d6cc6000
|
page read and write
|
|||
|
7f7dac035000
|
page read and write
|
|||
|
5585d8cc4000
|
page execute and read and write
|
|||
|
5585d8cc4000
|
page execute and read and write
|
|||
|
7ffe423ff000
|
page execute read
|
|||
|
7f7ea47d6000
|
page read and write
|
|||
|
5585d8cda000
|
page read and write
|
|||
|
7f7e9c021000
|
page read and write
|
|||
|
7f7ea3cd6000
|
page read and write
|
|||
|
5585d8cda000
|
page read and write
|
|||
|
7f7ea46a5000
|
page read and write
|
|||
|
7f7ea47ce000
|
page read and write
|
|||
|
7f7ea3f73000
|
page read and write
|
|||
|
5585d6cbe000
|
page read and write
|
|||
|
7f7ea4335000
|
page read and write
|
|||
|
5585d9e20000
|
page read and write
|
|||
|
7f7ea481b000
|
page read and write
|
|||
|
7f7e9c000000
|
page read and write
|
|||
|
5585d8cda000
|
page read and write
|
|||
|
5585d6cbe000
|
page read and write
|
There are 80 hidden memdumps, click here to show them.