Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
na.elf
|
ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
|
initial sample
|
||
/var/log/wtmp
|
data
|
dropped
|
||
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
|
ASCII text
|
dropped
|
||
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
|
ASCII text
|
dropped
|
||
/proc/5631/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5634/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5636/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5638/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5640/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5642/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5645/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5724/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5752/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5755/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5757/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5761/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5763/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5765/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5768/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/5947/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6105/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6126/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6340/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/run/avahi-daemon/pid
|
ASCII text
|
dropped
|
||
/run/gdm3.pid
|
ASCII text
|
dropped
|
||
/run/systemd/inhibit/.#12u1eDV
|
ASCII text
|
dropped
|
||
/run/systemd/inhibit/.#2GDtJoU
|
ASCII text
|
dropped
|
||
/run/systemd/inhibit/.#3eaWt7X
|
ASCII text
|
dropped
|
||
/run/systemd/inhibit/.#4JVsO5X
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0Njj6ZU
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0kTR4KW
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0lczUtX
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0o48q5T
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0qVyVCX
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0ssUUOX
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0wrsKvV
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c1Bv606W
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c1EgYguU
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c1GAD4dV
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c1MneO4T
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c1R3Lb3T
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c1Rq5OdU
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c1uo1PVW
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c20EhCSW
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c21LkI5X
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c26Q9cQU
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c28pv7aX
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c2JFu0eV
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c2gOKhDV
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c2q2utUX
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c2y2QSzX
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#12735aB7T
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#1275KRIlW
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127A7YetV
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127IOV4PT
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127Iyp7fW
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127SBljFX
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127UnD19W
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127Yfq1fX
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127Z7FW4T
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127qlsbhV
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127sLJRrU
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127xykiMX
|
ASCII text
|
dropped
|
||
/run/user/1000/pulse/pid
|
ASCII text
|
dropped
|
||
/run/user/127/ICEauthority
|
TTComp archive data, binary, 1K dictionary
|
dropped
|
||
/run/user/127/dconf/user
|
very short file (no magic)
|
dropped
|
||
/run/user/127/gdm/Xauthority
|
X11 Xauthority data
|
dropped
|
||
/run/user/127/pulse/pid
|
ASCII text
|
dropped
|
||
/run/utmp
|
data
|
dropped
|
||
/tmp/qemu-open.Wn0gnn (deleted)
|
data
|
dropped
|
||
/tmp/qemu-open.mglKoN (deleted)
|
data
|
dropped
|
||
/tmp/server-0.xkm
|
Compiled XKB Keymap: lsb, version 15
|
dropped
|
||
/var/lib/AccountsService/users/gdm.EUQDV2
|
ASCII text
|
dropped
|
||
/var/lib/AccountsService/users/gdm.VZ1NV2
|
ASCII text
|
dropped
|
||
/var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0
|
ASCII text
|
dropped
|
||
/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
|
very short file (no magic)
|
dropped
|
||
/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
|
very short file (no magic)
|
dropped
|
||
/var/lib/ubuntu-drivers-common/last_gfx_boot
|
ASCII text
|
dropped
|
||
/var/log/Xorg.0.log
|
JSON data
|
dropped
|
||
/var/log/auth.log
|
ASCII text
|
dropped
|
||
/var/log/gpu-manager.log
|
ASCII text
|
dropped
|
||
/var/log/kern.log
|
ASCII text
|
dropped
|
||
/var/log/syslog
|
ASCII text
|
dropped
|
There are 73 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
/tmp/na.elf
|
/tmp/na.elf
|
||
/tmp/na.elf
|
-
|
||
/tmp/na.elf
|
-
|
||
/tmp/na.elf
|
-
|
||
/tmp/na.elf
|
-
|
||
/tmp/na.elf
|
-
|
||
/tmp/na.elf
|
-
|
||
/tmp/na.elf
|
-
|
||
/tmp/na.elf
|
-
|
||
/usr/sbin/gdm3
|
-
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/pulseaudio
|
/usr/bin/pulseaudio --daemonize=no --log-target=journal
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/sbin/rsyslogd
|
/usr/sbin/rsyslogd -n -iNONE
|
||
/usr/sbin/gdm3
|
-
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/sbin/gdm3
|
-
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/libexec/gvfsd-fuse
|
-
|
||
/bin/fusermount
|
fusermount -u -q -z -- /run/user/1000/gvfs
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/libexec/rtkit-daemon
|
/usr/libexec/rtkit-daemon
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-logind
|
/lib/systemd/systemd-logind
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/policykit-1/polkitd
|
/usr/lib/policykit-1/polkitd --no-debug
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/gpu-manager
|
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
|
||
/usr/bin/gpu-manager
|
-
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
|
||
/bin/sh
|
-
|
||
/usr/bin/grep
|
grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf
/etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf
/etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf
/etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
|
||
/usr/bin/gpu-manager
|
-
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
|
||
/bin/sh
|
-
|
||
/usr/bin/grep
|
grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf
/lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
|
||
/usr/bin/gpu-manager
|
-
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
|
||
/bin/sh
|
-
|
||
/usr/bin/grep
|
grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf
/etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf
/etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf
/etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
|
||
/usr/bin/gpu-manager
|
-
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
|
||
/bin/sh
|
-
|
||
/usr/bin/grep
|
grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf
/lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
|
||
/usr/bin/gpu-manager
|
-
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
|
||
/bin/sh
|
-
|
||
/usr/bin/grep
|
grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf
/etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf
/etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf
/etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
|
||
/usr/bin/gpu-manager
|
-
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
|
||
/bin/sh
|
-
|
||
/usr/bin/grep
|
grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf
/lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
|
||
/usr/bin/gpu-manager
|
-
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
|
||
/bin/sh
|
-
|
||
/usr/bin/grep
|
grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf
/etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf
/etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf
/etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
|
||
/usr/bin/gpu-manager
|
-
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
|
||
/bin/sh
|
-
|
||
/usr/bin/grep
|
grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf
/lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
|
||
/usr/lib/systemd/systemd
|
-
|
||
/sbin/agetty
|
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/share/gdm/generate-config
|
/usr/share/gdm/generate-config
|
||
/usr/share/gdm/generate-config
|
-
|
||
/usr/bin/pkill
|
pkill --signal HUP --uid gdm dconf-service
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/gdm3/gdm-wait-for-drm
|
/usr/lib/gdm3/gdm-wait-for-drm
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/sbin/gdm3
|
/usr/sbin/gdm3
|
||
/usr/sbin/gdm3
|
-
|
||
/usr/bin/plymouth
|
plymouth --ping
|
||
/usr/sbin/gdm3
|
-
|
||
/usr/lib/gdm3/gdm-session-worker
|
"gdm-session-worker [pam/gdm-launch-environment]"
|
||
/usr/lib/gdm3/gdm-session-worker
|
-
|
||
/usr/lib/gdm3/gdm-wayland-session
|
/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
|
||
/usr/lib/gdm3/gdm-wayland-session
|
-
|
||
/usr/bin/dbus-run-session
|
dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/bin/dbus-run-session
|
-
|
||
/usr/bin/dbus-daemon
|
dbus-daemon --nofork --print-address 4 --session
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-run-session
|
-
|
||
/usr/bin/gnome-session
|
gnome-session --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/libexec/gnome-session-binary
|
/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/usr/bin/session-migration
|
session-migration
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
|
||
/usr/bin/gnome-shell
|
/usr/bin/gnome-shell
|
||
/usr/sbin/gdm3
|
-
|
||
/usr/lib/gdm3/gdm-session-worker
|
"gdm-session-worker [pam/gdm-launch-environment]"
|
||
/usr/lib/gdm3/gdm-session-worker
|
-
|
||
/usr/lib/gdm3/gdm-x-session
|
/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
|
||
/usr/lib/gdm3/gdm-x-session
|
-
|
||
/usr/bin/Xorg
|
/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
|
||
/usr/lib/xorg/Xorg.wrap
|
/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
|
||
/usr/lib/xorg/Xorg
|
/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
|
||
/usr/lib/xorg/Xorg
|
-
|
||
/bin/sh
|
sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\"
-emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
|
||
/bin/sh
|
-
|
||
/usr/bin/xkbcomp
|
/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors
from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
|
||
/usr/lib/xorg/Xorg
|
-
|
||
/bin/sh
|
sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\"
-emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
|
||
/bin/sh
|
-
|
||
/usr/bin/xkbcomp
|
/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors
from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
|
||
/usr/lib/gdm3/gdm-x-session
|
-
|
||
/etc/gdm3/Prime/Default
|
/etc/gdm3/Prime/Default
|
||
/usr/lib/gdm3/gdm-x-session
|
-
|
||
/usr/bin/dbus-run-session
|
dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/bin/dbus-run-session
|
-
|
||
/usr/bin/dbus-daemon
|
dbus-daemon --nofork --print-address 4 --session
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/libexec/at-spi-bus-launcher
|
/usr/libexec/at-spi-bus-launcher
|
||
/usr/libexec/at-spi-bus-launcher
|
-
|
||
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/libexec/at-spi2-registryd
|
/usr/libexec/at-spi2-registryd --use-gnome-session
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/libexec/ibus-portal
|
/usr/libexec/ibus-portal
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/gjs
|
/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-run-session
|
-
|
||
/usr/bin/gnome-session
|
gnome-session --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/libexec/gnome-session-binary
|
/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/usr/libexec/gnome-session-check-accelerated
|
/usr/libexec/gnome-session-check-accelerated
|
||
/usr/libexec/gnome-session-check-accelerated
|
-
|
||
/usr/libexec/gnome-session-check-accelerated-gl-helper
|
/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer
|
||
/usr/libexec/gnome-session-check-accelerated
|
-
|
||
/usr/libexec/gnome-session-check-accelerated-gles-helper
|
/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/usr/bin/session-migration
|
session-migration
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
|
||
/usr/bin/gnome-shell
|
/usr/bin/gnome-shell
|
||
/usr/bin/gnome-shell
|
-
|
||
/usr/bin/ibus-daemon
|
ibus-daemon --panel disable --xim
|
||
/usr/bin/ibus-daemon
|
-
|
||
/usr/libexec/ibus-memconf
|
/usr/libexec/ibus-memconf
|
||
/usr/bin/ibus-daemon
|
-
|
||
/usr/bin/ibus-daemon
|
-
|
||
/usr/libexec/ibus-x11
|
/usr/libexec/ibus-x11 --kill-daemon
|
||
/usr/bin/ibus-daemon
|
-
|
||
/usr/libexec/ibus-engine-simple
|
/usr/libexec/ibus-engine-simple
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
|
||
/usr/libexec/gsd-sharing
|
/usr/libexec/gsd-sharing
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
|
||
/usr/libexec/gsd-wacom
|
/usr/libexec/gsd-wacom
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
|
||
/usr/libexec/gsd-color
|
/usr/libexec/gsd-color
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
|
||
/usr/libexec/gsd-keyboard
|
/usr/libexec/gsd-keyboard
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
|
||
/usr/libexec/gsd-print-notifications
|
/usr/libexec/gsd-print-notifications
|
||
/usr/libexec/gsd-print-notifications
|
-
|
||
/usr/libexec/gsd-print-notifications
|
-
|
||
/usr/libexec/gsd-printer
|
/usr/libexec/gsd-printer
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
|
||
/usr/libexec/gsd-rfkill
|
/usr/libexec/gsd-rfkill
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
|
||
/usr/libexec/gsd-smartcard
|
/usr/libexec/gsd-smartcard
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
|
||
/usr/libexec/gsd-datetime
|
/usr/libexec/gsd-datetime
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
|
||
/usr/libexec/gsd-media-keys
|
/usr/libexec/gsd-media-keys
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
|
||
/usr/libexec/gsd-screensaver-proxy
|
/usr/libexec/gsd-screensaver-proxy
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
|
||
/usr/libexec/gsd-sound
|
/usr/libexec/gsd-sound
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
|
||
/usr/libexec/gsd-a11y-settings
|
/usr/libexec/gsd-a11y-settings
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
|
||
/usr/libexec/gsd-housekeeping
|
/usr/libexec/gsd-housekeeping
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
|
||
/usr/libexec/gsd-power
|
/usr/libexec/gsd-power
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
|
||
/usr/bin/spice-vdagent
|
/usr/bin/spice-vdagent
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
|
||
/usr/bin/xbrlapi
|
xbrlapi -q
|
||
/usr/sbin/gdm3
|
-
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/sbin/gdm3
|
-
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/accountsservice/accounts-daemon
|
/usr/lib/accountsservice/accounts-daemon
|
||
/usr/lib/accountsservice/accounts-daemon
|
-
|
||
/usr/share/language-tools/language-validate
|
/usr/share/language-tools/language-validate en_US.UTF-8
|
||
/usr/share/language-tools/language-validate
|
-
|
||
/usr/share/language-tools/language-options
|
/usr/share/language-tools/language-options
|
||
/usr/share/language-tools/language-options
|
-
|
||
/bin/sh
|
sh -c "locale -a | grep -F .utf8 "
|
||
/bin/sh
|
-
|
||
/usr/bin/locale
|
locale -a
|
||
/bin/sh
|
-
|
||
/usr/bin/grep
|
grep -F .utf8
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-localed
|
/lib/systemd/systemd-localed
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/upower/upowerd
|
/usr/lib/upower/upowerd
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/pulseaudio
|
/usr/bin/pulseaudio --daemonize=no --log-target=journal
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/libexec/geoclue
|
/usr/libexec/geoclue
|
||
/usr/lib/systemd/systemd
|
-
|
||
/sbin/wpa_supplicant
|
/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/sbin/avahi-daemon
|
/usr/sbin/avahi-daemon -s
|
||
/usr/sbin/avahi-daemon
|
-
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/packagekit/packagekitd
|
/usr/lib/packagekit/packagekitd
|
||
/usr/lib/packagekit/packagekitd
|
-
|
||
/usr/bin/dpkg
|
/usr/bin/dpkg --print-foreign-architectures
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/pulseaudio
|
/usr/bin/pulseaudio --daemonize=no --log-target=journal
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-hostnamed
|
/lib/systemd/systemd-hostnamed
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/sbin/ModemManager
|
/usr/sbin/ModemManager --filter-policy=strict
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/libexec/colord
|
/usr/libexec/colord
|
||
/usr/libexec/colord
|
-
|
||
/usr/libexec/colord-sane
|
/usr/libexec/colord-sane
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-localed
|
/lib/systemd/systemd-localed
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/libexec/fprintd
|
/usr/libexec/fprintd
|
There are 287 hidden processes, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://www.rsyslog.com
|
unknown
|
||
http://wiki.x.org
|
unknown
|
||
http://www.ubuntu.com/support)
|
unknown
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
byte-mirai.kro.kr
|
154.216.20.119
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
53.189.202.204
|
unknown
|
Germany
|
||
177.107.116.96
|
unknown
|
Brazil
|
||
159.182.65.118
|
unknown
|
United States
|
||
119.189.17.175
|
unknown
|
China
|
||
137.146.160.13
|
unknown
|
United States
|
||
85.218.82.205
|
unknown
|
Switzerland
|
||
210.235.243.196
|
unknown
|
Japan
|
||
69.166.39.47
|
unknown
|
United States
|
||
94.25.27.73
|
unknown
|
Russian Federation
|
||
204.30.100.159
|
unknown
|
United States
|
||
196.158.82.219
|
unknown
|
Egypt
|
||
66.157.249.129
|
unknown
|
United States
|
||
161.31.26.185
|
unknown
|
United States
|
||
84.139.209.153
|
unknown
|
Germany
|
||
49.228.126.124
|
unknown
|
Thailand
|
||
197.90.198.156
|
unknown
|
South Africa
|
||
95.7.215.185
|
unknown
|
Turkey
|
||
89.205.31.171
|
unknown
|
Macedonia
|
||
169.153.233.5
|
unknown
|
United States
|
||
79.85.35.8
|
unknown
|
France
|
||
12.224.246.67
|
unknown
|
United States
|
||
169.119.23.39
|
unknown
|
United States
|
||
149.118.255.206
|
unknown
|
United States
|
||
179.18.249.94
|
unknown
|
Colombia
|
||
129.91.29.93
|
unknown
|
United States
|
||
118.68.42.183
|
unknown
|
Viet Nam
|
||
133.235.6.84
|
unknown
|
Japan
|
||
133.119.10.98
|
unknown
|
Japan
|
||
34.199.141.141
|
unknown
|
United States
|
||
164.52.64.123
|
unknown
|
China
|
||
77.67.63.231
|
unknown
|
Germany
|
||
144.124.148.177
|
unknown
|
United Kingdom
|
||
78.211.212.29
|
unknown
|
France
|
||
212.135.206.254
|
unknown
|
United Kingdom
|
||
101.182.144.68
|
unknown
|
Australia
|
||
116.104.47.218
|
unknown
|
Viet Nam
|
||
159.114.249.109
|
unknown
|
United Kingdom
|
||
43.78.4.239
|
unknown
|
Japan
|
||
220.234.178.130
|
unknown
|
China
|
||
88.143.248.115
|
unknown
|
France
|
||
147.187.117.9
|
unknown
|
United States
|
||
66.0.112.211
|
unknown
|
United States
|
||
158.169.254.157
|
unknown
|
Luxembourg
|
||
191.242.141.226
|
unknown
|
Brazil
|
||
90.192.174.0
|
unknown
|
United Kingdom
|
||
114.87.152.200
|
unknown
|
China
|
||
198.73.224.223
|
unknown
|
United States
|
||
154.73.89.108
|
unknown
|
South Sudan
|
||
40.183.20.29
|
unknown
|
United States
|
||
103.75.115.190
|
unknown
|
China
|
||
218.177.66.152
|
unknown
|
Japan
|
||
188.65.123.191
|
unknown
|
France
|
||
152.160.245.178
|
unknown
|
United States
|
||
107.195.173.224
|
unknown
|
United States
|
||
43.110.113.74
|
unknown
|
Japan
|
||
171.176.165.237
|
unknown
|
United States
|
||
170.224.130.3
|
unknown
|
United States
|
||
135.1.165.76
|
unknown
|
United States
|
||
81.255.86.140
|
unknown
|
France
|
||
103.169.22.73
|
unknown
|
unknown
|
||
202.155.217.209
|
unknown
|
Hong Kong
|
||
74.32.182.143
|
unknown
|
United States
|
||
172.171.26.238
|
unknown
|
United States
|
||
97.160.170.244
|
unknown
|
United States
|
||
41.227.43.11
|
unknown
|
Tunisia
|
||
204.219.74.130
|
unknown
|
United States
|
||
9.193.186.221
|
unknown
|
United States
|
||
113.35.237.13
|
unknown
|
Japan
|
||
60.174.151.86
|
unknown
|
China
|
||
219.176.161.107
|
unknown
|
Japan
|
||
64.69.134.5
|
unknown
|
United States
|
||
122.4.123.192
|
unknown
|
China
|
||
88.132.94.7
|
unknown
|
Hungary
|
||
4.98.147.176
|
unknown
|
United States
|
||
196.143.151.25
|
unknown
|
Egypt
|
||
208.187.168.228
|
unknown
|
United States
|
||
66.171.26.183
|
unknown
|
United States
|
||
194.168.237.211
|
unknown
|
United Kingdom
|
||
199.255.119.29
|
unknown
|
Puerto Rico
|
||
99.108.133.106
|
unknown
|
United States
|
||
90.18.247.132
|
unknown
|
France
|
||
86.27.49.66
|
unknown
|
United Kingdom
|
||
171.128.174.101
|
unknown
|
United States
|
||
137.186.184.156
|
unknown
|
Canada
|
||
209.111.81.177
|
unknown
|
United States
|
||
105.26.231.236
|
unknown
|
Mauritius
|
||
152.187.134.111
|
unknown
|
United States
|
||
93.210.14.141
|
unknown
|
Germany
|
||
17.237.253.141
|
unknown
|
United States
|
||
139.176.251.73
|
unknown
|
China
|
||
62.31.100.60
|
unknown
|
United Kingdom
|
||
32.22.246.59
|
unknown
|
United States
|
||
148.11.87.107
|
unknown
|
United States
|
||
1.13.172.28
|
unknown
|
China
|
||
89.11.228.59
|
unknown
|
Norway
|
||
82.167.56.133
|
unknown
|
Saudi Arabia
|
||
27.193.150.172
|
unknown
|
China
|
||
125.247.125.247
|
unknown
|
Korea Republic of
|
||
17.131.192.141
|
unknown
|
United States
|
||
117.147.55.218
|
unknown
|
China
|
There are 90 hidden IPs, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
7ff4c8013000
|
page execute read
|
|||
7ff4c8013000
|
page execute read
|
|||
7ff4c8013000
|
page execute read
|
|||
7ff4c8013000
|
page execute read
|
|||
7ff4c8013000
|
page execute read
|
|||
7ff4c8013000
|
page execute read
|
|||
7ffe7e3d5000
|
page execute read
|
|||
7ff54edae000
|
page read and write
|
|||
7ff548000000
|
page read and write
|
|||
7ff54f76f000
|
page read and write
|
|||
5591b8bf6000
|
page read and write
|
|||
7ff54f03d000
|
page read and write
|
|||
5591b8bf6000
|
page read and write
|
|||
7ff4c8018000
|
page read and write
|
|||
7ff54f898000
|
page read and write
|
|||
7ff54f8a0000
|
page read and write
|
|||
5591babf4000
|
page execute and read and write
|
|||
7ff54eda0000
|
page read and write
|
|||
7ff4c8018000
|
page read and write
|
|||
7ff54f3ff000
|
page read and write
|
|||
7ffe7e389000
|
page read and write
|
|||
5591b8bee000
|
page read and write
|
|||
5591bc22f000
|
page read and write
|
|||
7ff54f424000
|
page read and write
|
|||
5591b89bc000
|
page execute read
|
|||
7ffe7e3d5000
|
page execute read
|
|||
7ff54f76f000
|
page read and write
|
|||
7ff54f424000
|
page read and write
|
|||
7ff54f424000
|
page read and write
|
|||
5591babf4000
|
page execute and read and write
|
|||
7ff54f8e5000
|
page read and write
|
|||
7ff54f8e5000
|
page read and write
|
|||
7ffe7e389000
|
page read and write
|
|||
7ff54f898000
|
page read and write
|
|||
7ff548000000
|
page read and write
|
|||
7ffe7e3d5000
|
page execute read
|
|||
7ff54f03d000
|
page read and write
|
|||
7ff54e59d000
|
page read and write
|
|||
7ff54f424000
|
page read and write
|
|||
7ff54eda0000
|
page read and write
|
|||
5591b8bee000
|
page read and write
|
|||
5591b8bee000
|
page read and write
|
|||
7ff54e59d000
|
page read and write
|
|||
7ff54f03d000
|
page read and write
|
|||
7ff54f8a0000
|
page read and write
|
|||
7ffe7e3d5000
|
page execute read
|
|||
7ff54edae000
|
page read and write
|
|||
7ff54f8a0000
|
page read and write
|
|||
7ffe7e389000
|
page read and write
|
|||
7ff54edae000
|
page read and write
|
|||
7ff4c8015000
|
page read and write
|
|||
5591b89bc000
|
page execute read
|
|||
5591babf4000
|
page execute and read and write
|
|||
7ffe7e3d5000
|
page execute read
|
|||
7ff54f03d000
|
page read and write
|
|||
7ff548021000
|
page read and write
|
|||
7ff54e59d000
|
page read and write
|
|||
7ff54f76f000
|
page read and write
|
|||
7ff54e59d000
|
page read and write
|
|||
7ff54eda0000
|
page read and write
|
|||
7ffe7e389000
|
page read and write
|
|||
7ff4c801a000
|
page read and write
|
|||
7ff54f8e5000
|
page read and write
|
|||
5591b8bee000
|
page read and write
|
|||
5591b8bf6000
|
page read and write
|
|||
5591b89bc000
|
page execute read
|
|||
7ff54f8e5000
|
page read and write
|
|||
7ff548000000
|
page read and write
|
|||
5591babf4000
|
page execute and read and write
|
|||
7ff54f76f000
|
page read and write
|
|||
5591bac8b000
|
page read and write
|
|||
7ff4c801a000
|
page read and write
|
|||
7ffe7e3d5000
|
page execute read
|
|||
7ff54f8e5000
|
page read and write
|
|||
7ff54eda0000
|
page read and write
|
|||
7ff54f3ff000
|
page read and write
|
|||
7ff54f3ff000
|
page read and write
|
|||
5591b8bee000
|
page read and write
|
|||
7ff54f03d000
|
page read and write
|
|||
7ff4c8018000
|
page read and write
|
|||
7ff548000000
|
page read and write
|
|||
7ff4c8018000
|
page read and write
|
|||
7ff54f76f000
|
page read and write
|
|||
7ff548021000
|
page read and write
|
|||
5591b8bf6000
|
page read and write
|
|||
7ff54edae000
|
page read and write
|
|||
5591b89bc000
|
page execute read
|
|||
5591babf4000
|
page execute and read and write
|
|||
5591b8bee000
|
page read and write
|
|||
5591bac8b000
|
page read and write
|
|||
7ff54e59d000
|
page read and write
|
|||
7ff548021000
|
page read and write
|
|||
7ff54f8a0000
|
page read and write
|
|||
5591bac8b000
|
page read and write
|
|||
5591bc22f000
|
page read and write
|
|||
7ff54f8a0000
|
page read and write
|
|||
7ff54f424000
|
page read and write
|
|||
7ff54f3ff000
|
page read and write
|
|||
5591b89bc000
|
page execute read
|
|||
5591bc22f000
|
page read and write
|
|||
7ffe7e389000
|
page read and write
|
|||
7ff4c8015000
|
page read and write
|
|||
7ff4c8018000
|
page read and write
|
|||
5591b8bf6000
|
page read and write
|
|||
5591bac8b000
|
page read and write
|
|||
5591bc22f000
|
page read and write
|
|||
7ff54f8e5000
|
page read and write
|
|||
7ff54f898000
|
page read and write
|
|||
7ff548000000
|
page read and write
|
|||
7ff54edae000
|
page read and write
|
|||
7ff4c8015000
|
page read and write
|
|||
7ff54e59d000
|
page read and write
|
|||
5591bc22f000
|
page read and write
|
|||
7ff54f3ff000
|
page read and write
|
|||
7ff54f424000
|
page read and write
|
|||
7ff548021000
|
page read and write
|
|||
7ff54f898000
|
page read and write
|
|||
5591bc22f000
|
page read and write
|
|||
7ff548021000
|
page read and write
|
|||
7ff4c8018000
|
page read and write
|
|||
7ff548021000
|
page read and write
|
|||
7ff4c8015000
|
page read and write
|
|||
7ff54f3ff000
|
page read and write
|
|||
5591b89bc000
|
page execute read
|
|||
7ff54f898000
|
page read and write
|
|||
7ff54f898000
|
page read and write
|
|||
7ff54f8a0000
|
page read and write
|
|||
7ff548000000
|
page read and write
|
|||
7ff54eda0000
|
page read and write
|
|||
5591bac8b000
|
page read and write
|
|||
7ff54f76f000
|
page read and write
|
|||
7ff4c8015000
|
page read and write
|
|||
7ff54eda0000
|
page read and write
|
|||
5591babf4000
|
page execute and read and write
|
|||
7ff54f03d000
|
page read and write
|
|||
7ffe7e389000
|
page read and write
|
|||
5591b8bf6000
|
page read and write
|
|||
7ff54edae000
|
page read and write
|
|||
5591bac8b000
|
page read and write
|
|||
7ff4c8015000
|
page read and write
|
There are 130 hidden memdumps, click here to show them.