IOC Report
Aqua.arm5.elf

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Aqua.arm5.elf | ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped | initial sample | malicious |
| /var/log/wtmp | data | dropped | malicious |
| /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink | ASCII text | dropped | |
| /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source | ASCII text | dropped | |
| /proc/6011/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6014/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6016/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6018/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6020/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6022/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6025/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6074/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6102/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6105/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6107/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6109/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6111/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6113/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6116/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6296/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6455/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6472/oom_score_adj | very short file (no magic) | dropped | |
| /proc/6690/oom_score_adj | very short file (no magic) | dropped | |
| /run/avahi-daemon/pid | ASCII text | dropped | |
| /run/gdm3.pid | ASCII text | dropped | |
| /run/systemd/inhibit/.#1aytZsF | ASCII text | dropped | |
| /run/systemd/inhibit/.#2t9Sc1I | ASCII text | dropped | |
| /run/systemd/inhibit/.#3i3aUvI | ASCII text | dropped | |
| /run/systemd/inhibit/.#4EuBOhG | ASCII text | dropped | |
| /run/systemd/inhibit/.#5gzYi4G | ASCII text | dropped | |
| /run/systemd/seats/.#seat00bKj5v | ASCII text | dropped | |
| /run/systemd/seats/.#seat06bxeTI | ASCII text | dropped | |
| /run/systemd/seats/.#seat0QNkJIH | ASCII text | dropped | |
| /run/systemd/seats/.#seat0XmrqJE | ASCII text | dropped | |
| /run/systemd/seats/.#seat0XzcaBI | ASCII text | dropped | |
| /run/systemd/seats/.#seat0aWx1rC | ASCII text | dropped | |
| /run/systemd/seats/.#seat0bDf9lF | ASCII text | dropped | |
| /run/systemd/seats/.#seat0mzw6OI | ASCII text | dropped | |
| /run/systemd/seats/.#seat0vNzIAG | ASCII text | dropped | |
| /run/systemd/sessions/.#c145ZkLI | ASCII text | dropped | |
| /run/systemd/sessions/.#c15YluFH | ASCII text | dropped | |
| /run/systemd/sessions/.#c1SQVpXI | ASCII text | dropped | |
| /run/systemd/sessions/.#c1eG8dzI | ASCII text | dropped | |
| /run/systemd/sessions/.#c1lEZWSG | ASCII text | dropped | |
| /run/systemd/sessions/.#c1q6pdXI | ASCII text | dropped | |
| /run/systemd/sessions/.#c1swftzI | ASCII text | dropped | |
| /run/systemd/sessions/.#c20BO4sF | ASCII text | dropped | |
| /run/systemd/sessions/.#c2GMeBkG | ASCII text | dropped | |
| /run/systemd/sessions/.#c2VBsTPG | ASCII text | dropped | |
| /run/systemd/sessions/.#c2bPQHbG | ASCII text | dropped | |
| /run/systemd/sessions/.#c2dzB76F | ASCII text | dropped | |
| /run/systemd/sessions/.#c2oMAgNI | ASCII text | dropped | |
| /run/systemd/sessions/.#c2qGsSDG | ASCII text | dropped | |
| /run/systemd/sessions/.#c2wz7PrG | ASCII text | dropped | |
| /run/systemd/users/.#1271IdlrI | ASCII text | dropped | |
| /run/systemd/users/.#1275Em6EF | ASCII text | dropped | |
| /run/systemd/users/.#1277LDHAI | ASCII text | dropped | |
| /run/systemd/users/.#127AfItbG | ASCII text | dropped | |
| /run/systemd/users/.#127Kta8GI | ASCII text | dropped | |
| /run/systemd/users/.#127MuOcoI | ASCII text | dropped | |
| /run/systemd/users/.#127PZOo6G | ASCII text | dropped | |
| /run/systemd/users/.#127d0hA7G | ASCII text | dropped | |
| /run/systemd/users/.#127dZcUBF | ASCII text | dropped | |
| /run/systemd/users/.#127jfCEOI | ASCII text | dropped | |
| /run/systemd/users/.#127nBMILF | ASCII text | dropped | |
| /run/systemd/users/.#127wom63G | ASCII text | dropped | |
| /run/user/1000/pulse/pid | ASCII text | dropped | |
| /run/user/127/ICEauthority | TTComp archive data, binary, 1K dictionary | dropped | |
| /run/user/127/dconf/user | very short file (no magic) | dropped | |
| /run/user/127/gdm/Xauthority | X11 Xauthority data | dropped | |
| /run/user/127/pulse/pid | ASCII text | dropped | |
| /run/utmp | data | dropped | |
| /tmp/qemu-open.xF2MeH (deleted) | data | dropped | |
| /tmp/server-0.xkm | Compiled XKB Keymap: lsb, version 15 | dropped | |
| /var/lib/AccountsService/users/gdm.OGBWY2 | ASCII text | dropped | |
| /var/lib/AccountsService/users/gdm.UI8VY2 | ASCII text | dropped | |
| /var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0 | ASCII text | dropped | |
| /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink | very short file (no magic) | dropped | |
| /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source | very short file (no magic) | dropped | |
| /var/log/Xorg.0.log | JSON data | dropped | |
| /var/log/auth.log | ASCII text | dropped | |
| /var/log/kern.log | ASCII text | dropped | |
| /var/log/syslog | ASCII text | dropped | |

(73 further files are not shown in this report.)

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/Aqua.arm5.elf | /tmp/Aqua.arm5.elf | |
| /tmp/Aqua.arm5.elf | - | |
| /tmp/Aqua.arm5.elf | - | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill | |
| /usr/libexec/gsd-rfkill | /usr/libexec/gsd-rfkill | |
| /usr/lib/systemd/systemd | - | |
| /lib/systemd/systemd-hostnamed | /lib/systemd/systemd-hostnamed | |
| /usr/sbin/gdm3 | - | |
| /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | |
| /usr/sbin/gdm3 | - | |
| /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | |
| /usr/sbin/gdm3 | - | |
| /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | |
| /usr/lib/systemd/systemd | - | |
| /usr/bin/dbus-daemon | /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only | |
| /usr/lib/systemd/systemd | - | |
| /usr/bin/pulseaudio | /usr/bin/pulseaudio --daemonize=no --log-target=journal | |
| /usr/lib/systemd/systemd | - | |
| /lib/systemd/systemd-logind | /lib/systemd/systemd-logind | |
| /usr/lib/systemd/systemd | - | |
| /usr/libexec/rtkit-daemon | /usr/libexec/rtkit-daemon | |
| /usr/lib/systemd/systemd | - | |
| /usr/sbin/rsyslogd | /usr/sbin/rsyslogd -n -iNONE | |
| /usr/lib/systemd/systemd | - | |
| /usr/lib/policykit-1/polkitd | /usr/lib/policykit-1/polkitd --no-debug | |
| /usr/libexec/gvfsd-fuse | - | |
| /bin/fusermount | fusermount -u -q -z -- /run/user/1000/gvfs | |
| /usr/lib/systemd/systemd | - | |
| /sbin/agetty | /sbin/agetty -o "-p -- \\u" --noclear tty2 linux | |
| /usr/lib/systemd/systemd | - | |
| /usr/bin/gpu-manager | /usr/bin/gpu-manager --log /var/log/gpu-manager.log | |
| /usr/bin/gpu-manager | - | |
| /bin/sh | sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" | |
| /bin/sh | - | |
| /usr/bin/grep | grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf | |
| /usr/bin/gpu-manager | - | |
| /bin/sh | sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" | |
| /bin/sh | - | |
| /usr/bin/grep | grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf | |
| /usr/lib/systemd/systemd | - | |
| /usr/bin/dbus-daemon | /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only | |
| /usr/lib/systemd/systemd | - | |
| /usr/sbin/rsyslogd | /usr/sbin/rsyslogd -n -iNONE | |
| /usr/lib/systemd/systemd | - | |
| /sbin/agetty | /sbin/agetty -o "-p -- \\u" --noclear tty2 linux | |
| /usr/lib/systemd/systemd | - | |
| /usr/share/gdm/generate-config | /usr/share/gdm/generate-config | |
| /usr/share/gdm/generate-config | - | |
| /usr/bin/pkill | pkill --signal HUP --uid gdm dconf-service | |
| /usr/lib/systemd/systemd | - | |
| /lib/systemd/systemd-logind | /lib/systemd/systemd-logind | |
| /usr/lib/systemd/systemd | - | |
| /usr/lib/gdm3/gdm-wait-for-drm | /usr/lib/gdm3/gdm-wait-for-drm | |
| /usr/lib/systemd/systemd | - | |
| /usr/sbin/rsyslogd | /usr/sbin/rsyslogd -n -iNONE | |
| /usr/lib/systemd/systemd | - | |
| /sbin/agetty | /sbin/agetty -o "-p -- \\u" --noclear tty2 linux | |
| /usr/lib/systemd/systemd | - | |
| /usr/bin/dbus-daemon | /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only | |
| /usr/lib/systemd/systemd | - | |
| /lib/systemd/systemd-logind | /lib/systemd/systemd-logind | |
| /usr/lib/systemd/systemd | - | |
| /usr/sbin/gdm3 | /usr/sbin/gdm3 | |
| /usr/sbin/gdm3 | - | |
| /usr/bin/plymouth | plymouth --ping | |
| /usr/sbin/gdm3 | - | |
| /usr/lib/gdm3/gdm-session-worker | "gdm-session-worker [pam/gdm-launch-environment]" | |
| /usr/lib/gdm3/gdm-session-worker | - | |
| /usr/lib/gdm3/gdm-wayland-session | /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart" | |
| /usr/lib/gdm3/gdm-wayland-session | - | |
| /usr/bin/dbus-run-session | dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart | |
| /usr/bin/dbus-run-session | - | |
| /usr/bin/dbus-daemon | dbus-daemon --nofork --print-address 4 --session | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-run-session | - | |
| /usr/bin/gnome-session | gnome-session --autostart /usr/share/gdm/greeter/autostart | |
| /usr/libexec/gnome-session-binary | /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart | |
| /usr/libexec/gnome-session-binary | - | |
| /usr/bin/session-migration | session-migration | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell | |
| /usr/bin/gnome-shell | /usr/bin/gnome-shell | |
| /usr/sbin/gdm3 | - | |
| /usr/lib/gdm3/gdm-session-worker | "gdm-session-worker [pam/gdm-launch-environment]" | |
| /usr/lib/gdm3/gdm-session-worker | - | |
| /usr/lib/gdm3/gdm-x-session | /usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart" | |
| /usr/lib/gdm3/gdm-x-session | - | |
| /usr/bin/Xorg | /usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3 | |
| /usr/lib/xorg/Xorg.wrap | /usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3 | |
| /usr/lib/xorg/Xorg | /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3 | |
| /usr/lib/xorg/Xorg | - | |
| /bin/sh | sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\"" | |
| /bin/sh | - | |
| /usr/bin/xkbcomp | /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm | |
| /usr/lib/xorg/Xorg | - | |
| /bin/sh | sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\"" | |
| /bin/sh | - | |
| /usr/bin/xkbcomp | /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm | |
| /usr/lib/gdm3/gdm-x-session | - | |
| /etc/gdm3/Prime/Default | /etc/gdm3/Prime/Default | |
| /usr/lib/gdm3/gdm-x-session | - | |
| /usr/bin/dbus-run-session | dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart | |
| /usr/bin/dbus-run-session | - | |
| /usr/bin/dbus-daemon | dbus-daemon --nofork --print-address 4 --session | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /usr/libexec/at-spi-bus-launcher | /usr/libexec/at-spi-bus-launcher | |
| /usr/libexec/at-spi-bus-launcher | - | |
| /usr/bin/dbus-daemon | /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3 | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /usr/libexec/at-spi2-registryd | /usr/libexec/at-spi2-registryd --use-gnome-session | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /usr/libexec/ibus-portal | /usr/libexec/ibus-portal | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/gjs | /usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications | |
| /usr/bin/dbus-daemon | - | |
| /usr/bin/dbus-daemon | - | |
| /bin/false | /bin/false | |
| /usr/bin/dbus-run-session | - | |
| /usr/bin/gnome-session | gnome-session --autostart /usr/share/gdm/greeter/autostart | |
| /usr/libexec/gnome-session-binary | /usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart | |
| /usr/libexec/gnome-session-binary | - | |
| /usr/libexec/gnome-session-check-accelerated | /usr/libexec/gnome-session-check-accelerated | |
| /usr/libexec/gnome-session-check-accelerated | - | |
| /usr/libexec/gnome-session-check-accelerated-gl-helper | /usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer | |
| /usr/libexec/gnome-session-check-accelerated | - | |
| /usr/libexec/gnome-session-check-accelerated-gles-helper | /usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer | |
| /usr/libexec/gnome-session-binary | - | |
| /usr/bin/session-migration | session-migration | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell | |
| /usr/bin/gnome-shell | /usr/bin/gnome-shell | |
| /usr/bin/gnome-shell | - | |
| /usr/bin/ibus-daemon | ibus-daemon --panel disable --xim | |
| /usr/bin/ibus-daemon | - | |
| /usr/libexec/ibus-memconf | /usr/libexec/ibus-memconf | |
| /usr/bin/ibus-daemon | - | |
| /usr/bin/ibus-daemon | - | |
| /usr/libexec/ibus-x11 | /usr/libexec/ibus-x11 --kill-daemon | |
| /usr/bin/ibus-daemon | - | |
| /usr/libexec/ibus-engine-simple | /usr/libexec/ibus-engine-simple | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing | |
| /usr/libexec/gsd-sharing | /usr/libexec/gsd-sharing | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom | |
| /usr/libexec/gsd-wacom | /usr/libexec/gsd-wacom | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color | |
| /usr/libexec/gsd-color | /usr/libexec/gsd-color | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard | |
| /usr/libexec/gsd-keyboard | /usr/libexec/gsd-keyboard | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications | |
| /usr/libexec/gsd-print-notifications | /usr/libexec/gsd-print-notifications | |
| /usr/libexec/gsd-print-notifications | - | |
| /usr/libexec/gsd-print-notifications | - | |
| /usr/libexec/gsd-printer | /usr/libexec/gsd-printer | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill | |
| /usr/libexec/gsd-rfkill | /usr/libexec/gsd-rfkill | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard | |
| /usr/libexec/gsd-smartcard | /usr/libexec/gsd-smartcard | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime | |
| /usr/libexec/gsd-datetime | /usr/libexec/gsd-datetime | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys | |
| /usr/libexec/gsd-media-keys | /usr/libexec/gsd-media-keys | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy | |
| /usr/libexec/gsd-screensaver-proxy | /usr/libexec/gsd-screensaver-proxy | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound | |
| /usr/libexec/gsd-sound | /usr/libexec/gsd-sound | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings | |
| /usr/libexec/gsd-a11y-settings | /usr/libexec/gsd-a11y-settings | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping | |
| /usr/libexec/gsd-housekeeping | /usr/libexec/gsd-housekeeping | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power | |
| /usr/libexec/gsd-power | /usr/libexec/gsd-power | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent | |
| /usr/bin/spice-vdagent | /usr/bin/spice-vdagent | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q | |
| /usr/bin/xbrlapi | xbrlapi -q | |
| /usr/sbin/gdm3 | - | |
| /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | |
| /usr/sbin/gdm3 | - | |
| /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | |
| /usr/lib/systemd/systemd | - | |
| /usr/lib/accountsservice/accounts-daemon | /usr/lib/accountsservice/accounts-daemon | |
| /usr/lib/accountsservice/accounts-daemon | - | |
| /usr/share/language-tools/language-validate | /usr/share/language-tools/language-validate en_US.UTF-8 | |
| /usr/share/language-tools/language-validate | - | |
| /usr/share/language-tools/language-options | /usr/share/language-tools/language-options | |
| /usr/share/language-tools/language-options | - | |
| /bin/sh | sh -c "locale -a \| grep -F .utf8 " | |
| /bin/sh | - | |
| /usr/bin/locale | locale -a | |
| /bin/sh | - | |
| /usr/bin/grep | grep -F .utf8 | |
| /usr/lib/systemd/systemd | - | |
| /usr/lib/policykit-1/polkitd | /usr/lib/policykit-1/polkitd --no-debug | |
| /usr/lib/systemd/systemd | - | |
| /usr/bin/dbus-daemon | /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only | |
| /usr/lib/systemd/systemd | - | |
| /lib/systemd/systemd-localed | /lib/systemd/systemd-localed | |
| /usr/lib/systemd/systemd | - | |
| /usr/lib/upower/upowerd | /usr/lib/upower/upowerd | |
| /usr/lib/systemd/systemd | - | |
| /usr/bin/pulseaudio | /usr/bin/pulseaudio --daemonize=no --log-target=journal | |
| /usr/lib/systemd/systemd | - | |
| /usr/libexec/geoclue | /usr/libexec/geoclue | |
| /usr/lib/systemd/systemd | - | |
| /usr/libexec/rtkit-daemon | /usr/libexec/rtkit-daemon | |
| /usr/lib/systemd/systemd | - | |
| /sbin/wpa_supplicant | /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant | |
| /usr/lib/systemd/systemd | - | |
| /usr/sbin/avahi-daemon | /usr/sbin/avahi-daemon -s | |
| /usr/sbin/avahi-daemon | - | |
| /usr/lib/systemd/systemd | - | |
| /usr/lib/packagekit/packagekitd | /usr/lib/packagekit/packagekitd | |
| /usr/lib/packagekit/packagekitd | - | |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures | |
| /usr/lib/systemd/systemd | - | |
| /lib/systemd/systemd-hostnamed | /lib/systemd/systemd-hostnamed | |
| /usr/lib/systemd/systemd | - | |
| /usr/libexec/colord | /usr/libexec/colord | |
| /usr/libexec/colord | - | |
| /usr/libexec/colord-sane | /usr/libexec/colord-sane | |
| /usr/lib/systemd/systemd | - | |
| /usr/sbin/ModemManager | /usr/sbin/ModemManager --filter-policy=strict | |
| /usr/lib/systemd/systemd | - | |
| /usr/bin/dbus-daemon | /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only | |
| /usr/lib/systemd/systemd | - | |
| /usr/bin/pulseaudio | /usr/bin/pulseaudio --daemonize=no --log-target=journal | |
| /usr/lib/systemd/systemd | - | |
| /usr/libexec/fprintd | /usr/libexec/fprintd | |

(280 further processes are not shown in this report.)

URLs

| Name | IP | Malicious |
|---|---|---|
| https://www.rsyslog.com | unknown | |
| http://wiki.x.org | unknown | |
| http://www.ubuntu.com/support) | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| daisy.ubuntu.com | 162.213.35.24, 45.148.10.84 | unknown |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 89.190.156.145 | unknown | United Kingdom | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 7f9e00035000 | | page read and write | |
| 7ffdcbcfc000 | | page execute read | |
| 7f9efffff000 | | page read and write | |
| 7f9e00035000 | | page read and write | |
| 7f9f05ba7000 | | page read and write | |
| 7f9e00029000 | | page execute read | |
| 7f9f07089000 | | page read and write | |
| 565018a3d000 | | page execute and read and write | |
| 7f9e00032000 | | page read and write | |
| 5650167e5000 | | page execute read | |
| 565016a3f000 | | page read and write | |
| 565018a54000 | | page read and write | |
| 7f9f06441000 | | page read and write | |
| 7f9f06a0e000 | | page read and write | |
| 7f9f070ad000 | | page read and write | |
| 7f9f00021000 | | page read and write | |
| 7f9e00039000 | | page read and write | |
| 565018a3d000 | | page execute and read and write | |
| 7f9f070f2000 | | page read and write | |
| 7f9e00029000 | | page execute read | |
| 7ffdcbc4c000 | | page read and write | |
| 7f9e00032000 | | page read and write | |
| 565016a3f000 | | page read and write | |
| 7f9f00021000 | | page read and write | |
| 7f9f06f60000 | | page read and write | |
| 5650167e5000 | | page execute read | |
| 7f9f067a3000 | | page read and write | |
| 7f9f070f2000 | | page read and write | |
| 5650193fb000 | | page read and write | |
| 7f9f06f60000 | | page read and write | |
| 7f9f070ad000 | | page read and write | |
| 565018a54000 | | page read and write | |
| 7f9efffff000 | | page read and write | |
| 7f9f06b9d000 | | page read and write | |
| 7ffdcbc4c000 | | page read and write | |
| 7f9f06d7f000 | | page read and write | |
| 7f9f06b9d000 | | page read and write | |
| 7f9f06441000 | | page read and write | |
| 7f9f06a0e000 | | page read and write | |
| 7f9f067a3000 | | page read and write | |
| 5650193d8000 | | page read and write | |
| 565016a36000 | | page read and write | |
| 565016a36000 | | page read and write | |
| 7f9f07089000 | | page read and write | |
| 5650193d8000 | | page read and write | |
| 7f9f06d7f000 | | page read and write | |
| 7f9f063af000 | | page read and write | |
| 7ffdcbcfc000 | | page execute read | |
| 7f9f063af000 | | page read and write | |
| 7f9f06a31000 | | page read and write | |
| 7f9f05ba7000 | | page read and write | |
| 7f9f06a31000 | | page read and write | |

(42 further memdumps are not shown in this report.)