Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Aqua.arm5.elf
|
ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
|
initial sample
|
||
/var/log/wtmp
|
data
|
dropped
|
||
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
|
ASCII text
|
dropped
|
||
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
|
ASCII text
|
dropped
|
||
/proc/6011/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6014/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6016/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6018/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6020/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6022/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6025/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6074/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6102/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6105/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6107/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6109/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6111/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6113/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6116/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6296/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6455/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6472/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/proc/6690/oom_score_adj
|
very short file (no magic)
|
dropped
|
||
/run/avahi-daemon/pid
|
ASCII text
|
dropped
|
||
/run/gdm3.pid
|
ASCII text
|
dropped
|
||
/run/systemd/inhibit/.#1aytZsF
|
ASCII text
|
dropped
|
||
/run/systemd/inhibit/.#2t9Sc1I
|
ASCII text
|
dropped
|
||
/run/systemd/inhibit/.#3i3aUvI
|
ASCII text
|
dropped
|
||
/run/systemd/inhibit/.#4EuBOhG
|
ASCII text
|
dropped
|
||
/run/systemd/inhibit/.#5gzYi4G
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat00bKj5v
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat06bxeTI
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0QNkJIH
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0XmrqJE
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0XzcaBI
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0aWx1rC
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0bDf9lF
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0mzw6OI
|
ASCII text
|
dropped
|
||
/run/systemd/seats/.#seat0vNzIAG
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c145ZkLI
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c15YluFH
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c1SQVpXI
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c1eG8dzI
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c1lEZWSG
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c1q6pdXI
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c1swftzI
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c20BO4sF
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c2GMeBkG
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c2VBsTPG
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c2bPQHbG
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c2dzB76F
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c2oMAgNI
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c2qGsSDG
|
ASCII text
|
dropped
|
||
/run/systemd/sessions/.#c2wz7PrG
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#1271IdlrI
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#1275Em6EF
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#1277LDHAI
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127AfItbG
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127Kta8GI
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127MuOcoI
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127PZOo6G
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127d0hA7G
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127dZcUBF
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127jfCEOI
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127nBMILF
|
ASCII text
|
dropped
|
||
/run/systemd/users/.#127wom63G
|
ASCII text
|
dropped
|
||
/run/user/1000/pulse/pid
|
ASCII text
|
dropped
|
||
/run/user/127/ICEauthority
|
TTComp archive data, binary, 1K dictionary
|
dropped
|
||
/run/user/127/dconf/user
|
very short file (no magic)
|
dropped
|
||
/run/user/127/gdm/Xauthority
|
X11 Xauthority data
|
dropped
|
||
/run/user/127/pulse/pid
|
ASCII text
|
dropped
|
||
/run/utmp
|
data
|
dropped
|
||
/tmp/qemu-open.xF2MeH (deleted)
|
data
|
dropped
|
||
/tmp/server-0.xkm
|
Compiled XKB Keymap: lsb, version 15
|
dropped
|
||
/var/lib/AccountsService/users/gdm.OGBWY2
|
ASCII text
|
dropped
|
||
/var/lib/AccountsService/users/gdm.UI8VY2
|
ASCII text
|
dropped
|
||
/var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0
|
ASCII text
|
dropped
|
||
/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
|
very short file (no magic)
|
dropped
|
||
/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
|
very short file (no magic)
|
dropped
|
||
/var/log/Xorg.0.log
|
JSON data
|
dropped
|
||
/var/log/auth.log
|
ASCII text
|
dropped
|
||
/var/log/kern.log
|
ASCII text
|
dropped
|
||
/var/log/syslog
|
ASCII text
|
dropped
|
73 additional dropped/modified files were recorded by the sandbox but are not included in this excerpt; the file listing above is incomplete.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
/tmp/Aqua.arm5.elf
|
/tmp/Aqua.arm5.elf
|
||
/tmp/Aqua.arm5.elf
|
-
|
||
/tmp/Aqua.arm5.elf
|
-
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
|
||
/usr/libexec/gsd-rfkill
|
/usr/libexec/gsd-rfkill
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-hostnamed
|
/lib/systemd/systemd-hostnamed
|
||
/usr/sbin/gdm3
|
-
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/sbin/gdm3
|
-
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/sbin/gdm3
|
-
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/pulseaudio
|
/usr/bin/pulseaudio --daemonize=no --log-target=journal
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-logind
|
/lib/systemd/systemd-logind
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/libexec/rtkit-daemon
|
/usr/libexec/rtkit-daemon
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/sbin/rsyslogd
|
/usr/sbin/rsyslogd -n -iNONE
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/policykit-1/polkitd
|
/usr/lib/policykit-1/polkitd --no-debug
|
||
/usr/libexec/gvfsd-fuse
|
-
|
||
/bin/fusermount
|
fusermount -u -q -z -- /run/user/1000/gvfs
|
||
/usr/lib/systemd/systemd
|
-
|
||
/sbin/agetty
|
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/gpu-manager
|
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
|
||
/usr/bin/gpu-manager
|
-
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
|
||
/bin/sh
|
-
|
||
/usr/bin/grep
|
grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf
/etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf
/etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf
/etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
|
||
/usr/bin/gpu-manager
|
-
|
||
/bin/sh
|
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
|
||
/bin/sh
|
-
|
||
/usr/bin/grep
|
grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf
/lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/sbin/rsyslogd
|
/usr/sbin/rsyslogd -n -iNONE
|
||
/usr/lib/systemd/systemd
|
-
|
||
/sbin/agetty
|
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/share/gdm/generate-config
|
/usr/share/gdm/generate-config
|
||
/usr/share/gdm/generate-config
|
-
|
||
/usr/bin/pkill
|
pkill --signal HUP --uid gdm dconf-service
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-logind
|
/lib/systemd/systemd-logind
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/gdm3/gdm-wait-for-drm
|
/usr/lib/gdm3/gdm-wait-for-drm
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/sbin/rsyslogd
|
/usr/sbin/rsyslogd -n -iNONE
|
||
/usr/lib/systemd/systemd
|
-
|
||
/sbin/agetty
|
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-logind
|
/lib/systemd/systemd-logind
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/sbin/gdm3
|
/usr/sbin/gdm3
|
||
/usr/sbin/gdm3
|
-
|
||
/usr/bin/plymouth
|
plymouth --ping
|
||
/usr/sbin/gdm3
|
-
|
||
/usr/lib/gdm3/gdm-session-worker
|
"gdm-session-worker [pam/gdm-launch-environment]"
|
||
/usr/lib/gdm3/gdm-session-worker
|
-
|
||
/usr/lib/gdm3/gdm-wayland-session
|
/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
|
||
/usr/lib/gdm3/gdm-wayland-session
|
-
|
||
/usr/bin/dbus-run-session
|
dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/bin/dbus-run-session
|
-
|
||
/usr/bin/dbus-daemon
|
dbus-daemon --nofork --print-address 4 --session
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-run-session
|
-
|
||
/usr/bin/gnome-session
|
gnome-session --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/libexec/gnome-session-binary
|
/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/usr/bin/session-migration
|
session-migration
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
|
||
/usr/bin/gnome-shell
|
/usr/bin/gnome-shell
|
||
/usr/sbin/gdm3
|
-
|
||
/usr/lib/gdm3/gdm-session-worker
|
"gdm-session-worker [pam/gdm-launch-environment]"
|
||
/usr/lib/gdm3/gdm-session-worker
|
-
|
||
/usr/lib/gdm3/gdm-x-session
|
/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
|
||
/usr/lib/gdm3/gdm-x-session
|
-
|
||
/usr/bin/Xorg
|
/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
|
||
/usr/lib/xorg/Xorg.wrap
|
/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
|
||
/usr/lib/xorg/Xorg
|
/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
|
||
/usr/lib/xorg/Xorg
|
-
|
||
/bin/sh
|
sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\"
-emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
|
||
/bin/sh
|
-
|
||
/usr/bin/xkbcomp
|
/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors
from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
|
||
/usr/lib/xorg/Xorg
|
-
|
||
/bin/sh
|
sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\"
-emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
|
||
/bin/sh
|
-
|
||
/usr/bin/xkbcomp
|
/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors
from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
|
||
/usr/lib/gdm3/gdm-x-session
|
-
|
||
/etc/gdm3/Prime/Default
|
/etc/gdm3/Prime/Default
|
||
/usr/lib/gdm3/gdm-x-session
|
-
|
||
/usr/bin/dbus-run-session
|
dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/bin/dbus-run-session
|
-
|
||
/usr/bin/dbus-daemon
|
dbus-daemon --nofork --print-address 4 --session
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/libexec/at-spi-bus-launcher
|
/usr/libexec/at-spi-bus-launcher
|
||
/usr/libexec/at-spi-bus-launcher
|
-
|
||
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/libexec/at-spi2-registryd
|
/usr/libexec/at-spi2-registryd --use-gnome-session
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/libexec/ibus-portal
|
/usr/libexec/ibus-portal
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/gjs
|
/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/bin/dbus-daemon
|
-
|
||
/bin/false
|
/bin/false
|
||
/usr/bin/dbus-run-session
|
-
|
||
/usr/bin/gnome-session
|
gnome-session --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/libexec/gnome-session-binary
|
/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/usr/libexec/gnome-session-check-accelerated
|
/usr/libexec/gnome-session-check-accelerated
|
||
/usr/libexec/gnome-session-check-accelerated
|
-
|
||
/usr/libexec/gnome-session-check-accelerated-gl-helper
|
/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer
|
||
/usr/libexec/gnome-session-check-accelerated
|
-
|
||
/usr/libexec/gnome-session-check-accelerated-gles-helper
|
/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/usr/bin/session-migration
|
session-migration
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
|
||
/usr/bin/gnome-shell
|
/usr/bin/gnome-shell
|
||
/usr/bin/gnome-shell
|
-
|
||
/usr/bin/ibus-daemon
|
ibus-daemon --panel disable --xim
|
||
/usr/bin/ibus-daemon
|
-
|
||
/usr/libexec/ibus-memconf
|
/usr/libexec/ibus-memconf
|
||
/usr/bin/ibus-daemon
|
-
|
||
/usr/bin/ibus-daemon
|
-
|
||
/usr/libexec/ibus-x11
|
/usr/libexec/ibus-x11 --kill-daemon
|
||
/usr/bin/ibus-daemon
|
-
|
||
/usr/libexec/ibus-engine-simple
|
/usr/libexec/ibus-engine-simple
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
|
||
/usr/libexec/gsd-sharing
|
/usr/libexec/gsd-sharing
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
|
||
/usr/libexec/gsd-wacom
|
/usr/libexec/gsd-wacom
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
|
||
/usr/libexec/gsd-color
|
/usr/libexec/gsd-color
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
|
||
/usr/libexec/gsd-keyboard
|
/usr/libexec/gsd-keyboard
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
|
||
/usr/libexec/gsd-print-notifications
|
/usr/libexec/gsd-print-notifications
|
||
/usr/libexec/gsd-print-notifications
|
-
|
||
/usr/libexec/gsd-print-notifications
|
-
|
||
/usr/libexec/gsd-printer
|
/usr/libexec/gsd-printer
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
|
||
/usr/libexec/gsd-rfkill
|
/usr/libexec/gsd-rfkill
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
|
||
/usr/libexec/gsd-smartcard
|
/usr/libexec/gsd-smartcard
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
|
||
/usr/libexec/gsd-datetime
|
/usr/libexec/gsd-datetime
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
|
||
/usr/libexec/gsd-media-keys
|
/usr/libexec/gsd-media-keys
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
|
||
/usr/libexec/gsd-screensaver-proxy
|
/usr/libexec/gsd-screensaver-proxy
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
|
||
/usr/libexec/gsd-sound
|
/usr/libexec/gsd-sound
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
|
||
/usr/libexec/gsd-a11y-settings
|
/usr/libexec/gsd-a11y-settings
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
|
||
/usr/libexec/gsd-housekeeping
|
/usr/libexec/gsd-housekeeping
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
|
||
/usr/libexec/gsd-power
|
/usr/libexec/gsd-power
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
|
||
/usr/bin/spice-vdagent
|
/usr/bin/spice-vdagent
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
|
||
/usr/bin/xbrlapi
|
xbrlapi -q
|
||
/usr/sbin/gdm3
|
-
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/sbin/gdm3
|
-
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/accountsservice/accounts-daemon
|
/usr/lib/accountsservice/accounts-daemon
|
||
/usr/lib/accountsservice/accounts-daemon
|
-
|
||
/usr/share/language-tools/language-validate
|
/usr/share/language-tools/language-validate en_US.UTF-8
|
||
/usr/share/language-tools/language-validate
|
-
|
||
/usr/share/language-tools/language-options
|
/usr/share/language-tools/language-options
|
||
/usr/share/language-tools/language-options
|
-
|
||
/bin/sh
|
sh -c "locale -a | grep -F .utf8 "
|
||
/bin/sh
|
-
|
||
/usr/bin/locale
|
locale -a
|
||
/bin/sh
|
-
|
||
/usr/bin/grep
|
grep -F .utf8
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/policykit-1/polkitd
|
/usr/lib/policykit-1/polkitd --no-debug
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-localed
|
/lib/systemd/systemd-localed
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/upower/upowerd
|
/usr/lib/upower/upowerd
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/pulseaudio
|
/usr/bin/pulseaudio --daemonize=no --log-target=journal
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/libexec/geoclue
|
/usr/libexec/geoclue
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/libexec/rtkit-daemon
|
/usr/libexec/rtkit-daemon
|
||
/usr/lib/systemd/systemd
|
-
|
||
/sbin/wpa_supplicant
|
/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/sbin/avahi-daemon
|
/usr/sbin/avahi-daemon -s
|
||
/usr/sbin/avahi-daemon
|
-
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/packagekit/packagekitd
|
/usr/lib/packagekit/packagekitd
|
||
/usr/lib/packagekit/packagekitd
|
-
|
||
/usr/bin/dpkg
|
/usr/bin/dpkg --print-foreign-architectures
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-hostnamed
|
/lib/systemd/systemd-hostnamed
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/libexec/colord
|
/usr/libexec/colord
|
||
/usr/libexec/colord
|
-
|
||
/usr/libexec/colord-sane
|
/usr/libexec/colord-sane
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/sbin/ModemManager
|
/usr/sbin/ModemManager --filter-policy=strict
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/dbus-daemon
|
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/bin/pulseaudio
|
/usr/bin/pulseaudio --daemonize=no --log-target=journal
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/libexec/fprintd
|
/usr/libexec/fprintd
|
280 additional processes were recorded by the sandbox but are not included in this excerpt; the process listing above is incomplete.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://www.rsyslog.com
|
unknown
|
||
http://wiki.x.org
|
unknown
|
||
http://www.ubuntu.com/support)
|
unknown
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
daisy.ubuntu.com
|
162.213.35.24
|
||
45.148.10.84
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
89.190.156.145
|
unknown
|
United Kingdom
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
7f9e00035000
|
page read and write
|
|||
7ffdcbcfc000
|
page execute read
|
|||
7f9efffff000
|
page read and write
|
|||
7f9e00035000
|
page read and write
|
|||
7f9f05ba7000
|
page read and write
|
|||
7f9e00029000
|
page execute read
|
|||
7f9f07089000
|
page read and write
|
|||
565018a3d000
|
page execute and read and write
|
|||
7f9e00032000
|
page read and write
|
|||
5650167e5000
|
page execute read
|
|||
565016a3f000
|
page read and write
|
|||
565018a54000
|
page read and write
|
|||
7f9f06441000
|
page read and write
|
|||
7f9f06a0e000
|
page read and write
|
|||
7f9f070ad000
|
page read and write
|
|||
7f9f00021000
|
page read and write
|
|||
7f9e00039000
|
page read and write
|
|||
565018a3d000
|
page execute and read and write
|
|||
7f9f070f2000
|
page read and write
|
|||
7f9e00029000
|
page execute read
|
|||
7ffdcbc4c000
|
page read and write
|
|||
7f9e00032000
|
page read and write
|
|||
565016a3f000
|
page read and write
|
|||
7f9f00021000
|
page read and write
|
|||
7f9f06f60000
|
page read and write
|
|||
5650167e5000
|
page execute read
|
|||
7f9f067a3000
|
page read and write
|
|||
7f9f070f2000
|
page read and write
|
|||
5650193fb000
|
page read and write
|
|||
7f9f06f60000
|
page read and write
|
|||
7f9f070ad000
|
page read and write
|
|||
565018a54000
|
page read and write
|
|||
7f9efffff000
|
page read and write
|
|||
7f9f06b9d000
|
page read and write
|
|||
7ffdcbc4c000
|
page read and write
|
|||
7f9f06d7f000
|
page read and write
|
|||
7f9f06b9d000
|
page read and write
|
|||
7f9f06441000
|
page read and write
|
|||
7f9f06a0e000
|
page read and write
|
|||
7f9f067a3000
|
page read and write
|
|||
5650193d8000
|
page read and write
|
|||
565016a36000
|
page read and write
|
|||
565016a36000
|
page read and write
|
|||
7f9f07089000
|
page read and write
|
|||
5650193d8000
|
page read and write
|
|||
7f9f06d7f000
|
page read and write
|
|||
7f9f063af000
|
page read and write
|
|||
7ffdcbcfc000
|
page execute read
|
|||
7f9f063af000
|
page read and write
|
|||
7f9f06a31000
|
page read and write
|
|||
7f9f05ba7000
|
page read and write
|
|||
7f9f06a31000
|
page read and write
|
42 additional memory dumps were recorded by the sandbox but are not included in this excerpt; the memdump listing above is incomplete.