IOC Report

Files

File Path
Type
Category
Malicious
arm
ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
initial sample
malicious
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
ASCII text
dropped
clean
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
ASCII text
dropped
clean
/proc/5426/oom_score_adj
ASCII text
dropped
clean
/proc/5472/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5475/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5477/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5479/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5481/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5483/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5486/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5632/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5662/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5665/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5667/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5669/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5671/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5673/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5676/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5980/oom_score_adj
very short file (no magic)
dropped
clean
/proc/5995/oom_score_adj
very short file (no magic)
dropped
clean
/proc/6208/oom_score_adj
very short file (no magic)
dropped
clean
/proc/6277/oom_score_adj
very short file (no magic)
dropped
clean
/run/sshd.pid
ASCII text
dropped
clean
/run/user/1000/pulse/pid
ASCII text
dropped
clean
/run/user/127/ICEauthority
data
dropped
clean
/run/user/127/dconf/user
very short file (no magic)
dropped
clean
/run/user/127/gdm/Xauthority
X11 Xauthority data
dropped
clean
/run/user/127/pulse/pid
ASCII text
dropped
clean
/tmp/server-0.xkm
Compiled XKB Keymap: lsb, version 15
dropped
clean
/var/cache/man/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/cs/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/cs/index.db.S87xfb
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/da/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/da/index.db.8cAzyb
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/de/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/de/index.db.dqh7ma
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/es/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/es/index.db.rN2ivc
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/fi/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/fi/index.db.a9Cx89
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/fr.ISO8859-1/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/fr.ISO8859-1/index.db.847Wfb
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/fr.UTF-8/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/fr.UTF-8/index.db.4XiuZc
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/fr/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/fr/index.db.FOdfUc
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/hu/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/hu/index.db.0pz938
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/id/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/id/index.db.n5U5qc
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/index.db.1rTuKc
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/it/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/it/index.db.E7jVrc
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/ja/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/ja/index.db.avEphc
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/ko/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/ko/index.db.yjzkp9
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/nl/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/nl/index.db.1IS3J8
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/pl/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/pl/index.db.ebxeRa
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/pt/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/pt/index.db.PniTJ8
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/pt_BR/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/pt_BR/index.db.JS3Ci9
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/ru/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/ru/index.db.ryY3Ia
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/sl/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/sl/index.db.UHwNP8
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/sr/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/sr/index.db.MzE41c
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/sv/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/sv/index.db.ECnlfa
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/tr/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/tr/index.db.0I7tJb
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/zh_CN/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/zh_CN/index.db.k4cNDa
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/zh_TW/5316
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/cache/man/zh_TW/index.db.ygJgQ8
GNU dbm 1.x or ndbm database, little endian, 64-bit
dropped
clean
/var/lib/AccountsService/users/gdm.318TB1
ASCII text
dropped
clean
/var/lib/AccountsService/users/gdm.O80OB1
ASCII text
dropped
clean
/var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0
ASCII text
dropped
clean
/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
very short file (no magic)
dropped
clean
/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
very short file (no magic)
dropped
clean
/var/lib/logrotate/status.tmp
ASCII text
dropped
clean
/var/lib/whoopsie/whoopsie-id.Q53WB1
ASCII text, with no line terminators
dropped
clean
/var/log/Xorg.0.log
ASCII text
dropped
clean
/var/log/cups/access_log.1.gz
gzip compressed data, last modified: Wed Oct 20 23:57:29 2021, from Unix
dropped
clean
/var/log/syslog.1.gz
gzip compressed data, last modified: Wed Oct 20 23:57:29 2021, from Unix
dropped
clean

Processes

Path
Cmdline
Malicious
/usr/lib/systemd/systemd
n/a
clean
/usr/sbin/logrotate
/usr/sbin/logrotate /etc/logrotate.conf
clean
/usr/sbin/logrotate
n/a
clean
/bin/gzip
/bin/gzip
clean
/usr/sbin/logrotate
n/a
clean
/bin/sh
sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log "
clean
/bin/sh
n/a
clean
/usr/sbin/invoke-rc.d
invoke-rc.d --quiet cups restart
clean
/usr/sbin/invoke-rc.d
n/a
clean
/sbin/runlevel
/sbin/runlevel
clean
/usr/sbin/invoke-rc.d
n/a
clean
/usr/bin/systemctl
systemctl --quiet is-enabled cups.service
clean
/usr/sbin/invoke-rc.d
n/a
clean
/usr/bin/ls
ls /etc/rc[S2345].d/S[0-9][0-9]cups
clean
/usr/sbin/invoke-rc.d
n/a
clean
/usr/bin/systemctl
systemctl --quiet is-active cups.service
clean
/usr/sbin/logrotate
n/a
clean
/bin/gzip
/bin/gzip
clean
/usr/sbin/logrotate
n/a
clean
/bin/sh
sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog
clean
/bin/sh
n/a
clean
/usr/lib/rsyslog/rsyslog-rotate
/usr/lib/rsyslog/rsyslog-rotate
clean
/usr/lib/rsyslog/rsyslog-rotate
n/a
clean
/usr/bin/systemctl
systemctl kill -s HUP rsyslog.service
clean
/usr/lib/systemd/systemd
n/a
clean
/usr/bin/install
/usr/bin/install -d -o man -g man -m 0755 /var/cache/man
clean
/usr/lib/systemd/systemd
n/a
clean
/usr/bin/find
/usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete
clean
/usr/lib/systemd/systemd
n/a
clean
/usr/bin/mandb
/usr/bin/mandb --quiet
clean
/tmp/arm
/tmp/arm
clean
/tmp/arm
n/a
clean
/tmp/arm
n/a
clean
/tmp/arm
n/a
clean
/tmp/arm
n/a
clean
/tmp/arm
n/a
clean
/tmp/arm
n/a
clean
/tmp/arm
n/a
clean
/tmp/arm
n/a
clean
/tmp/arm
n/a
clean
/usr/lib/systemd/systemd
n/a
clean
/usr/bin/whoopsie
/usr/bin/whoopsie -f
clean
/usr/lib/systemd/systemd
n/a
clean
/usr/sbin/sshd
/usr/sbin/sshd -t
clean
/usr/lib/systemd/systemd
n/a
clean
/usr/sbin/sshd
/usr/sbin/sshd -D
clean
/usr/sbin/gdm3
n/a
clean
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
clean
/usr/sbin/gdm3
n/a
clean
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
clean
/usr/lib/systemd/systemd
n/a
clean
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
clean
/usr/lib/accountsservice/accounts-daemon
n/a
clean
/usr/share/language-tools/language-validate
/usr/share/language-tools/language-validate en_US.UTF-8
clean
/usr/share/language-tools/language-validate
n/a
clean
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
clean
/usr/share/language-tools/language-options
n/a
clean
/bin/sh
sh -c "locale -a | grep -F .utf8 "
clean
/bin/sh
n/a
clean
/usr/bin/locale
locale -a
clean
/bin/sh
n/a
clean
/usr/bin/grep
grep -F .utf8
clean
/usr/sbin/gdm3
n/a
clean
/usr/lib/gdm3/gdm-session-worker
"gdm-session-worker [pam/gdm-launch-environment]"
clean
/usr/lib/gdm3/gdm-session-worker
n/a
clean
/usr/lib/gdm3/gdm-wayland-session
/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
clean
/usr/lib/gdm3/gdm-wayland-session
n/a
clean
/usr/bin/dbus-run-session
dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
clean
/usr/bin/dbus-run-session
n/a
clean
/usr/bin/dbus-daemon
dbus-daemon --nofork --print-address 4 --session
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-run-session
n/a
clean
/usr/bin/gnome-session
gnome-session --autostart /usr/share/gdm/greeter/autostart
clean
/usr/libexec/gnome-session-binary
/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
clean
/usr/libexec/gnome-session-binary
n/a
clean
/usr/bin/session-migration
session-migration
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
clean
/usr/bin/gnome-shell
/usr/bin/gnome-shell
clean
/usr/sbin/gdm3
n/a
clean
/usr/lib/gdm3/gdm-session-worker
"gdm-session-worker [pam/gdm-launch-environment]"
clean
/usr/lib/gdm3/gdm-session-worker
n/a
clean
/usr/lib/gdm3/gdm-x-session
/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
clean
/usr/lib/gdm3/gdm-x-session
n/a
clean
/usr/bin/Xorg
/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
clean
/usr/lib/xorg/Xorg.wrap
/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
clean
/usr/lib/xorg/Xorg
/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
clean
/usr/lib/xorg/Xorg
n/a
clean
/bin/sh
sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
clean
/bin/sh
n/a
clean
/usr/bin/xkbcomp
/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
clean
/usr/lib/xorg/Xorg
n/a
clean
/bin/sh
sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
clean
/bin/sh
n/a
clean
/usr/bin/xkbcomp
/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
clean
/usr/lib/gdm3/gdm-x-session
n/a
clean
/etc/gdm3/Prime/Default
/etc/gdm3/Prime/Default
clean
/usr/lib/gdm3/gdm-x-session
n/a
clean
/usr/bin/dbus-run-session
dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
clean
/usr/bin/dbus-run-session
n/a
clean
/usr/bin/dbus-daemon
dbus-daemon --nofork --print-address 4 --session
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/libexec/at-spi-bus-launcher
/usr/libexec/at-spi-bus-launcher
clean
/usr/libexec/at-spi-bus-launcher
n/a
clean
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/libexec/at-spi2-registryd
/usr/libexec/at-spi2-registryd --use-gnome-session
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/libexec/ibus-portal
/usr/libexec/ibus-portal
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/gjs
/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
clean
/usr/bin/dbus-daemon
n/a
clean
/usr/bin/dbus-daemon
n/a
clean
/bin/false
/bin/false
clean
/usr/bin/dbus-run-session
n/a
clean
/usr/bin/gnome-session
gnome-session --autostart /usr/share/gdm/greeter/autostart
clean
/usr/libexec/gnome-session-binary
/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
clean
/usr/libexec/gnome-session-binary
n/a
clean
/usr/libexec/gnome-session-check-accelerated
/usr/libexec/gnome-session-check-accelerated
clean
/usr/libexec/gnome-session-check-accelerated
n/a
clean
/usr/libexec/gnome-session-check-accelerated-gl-helper
/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer
clean
/usr/libexec/gnome-session-check-accelerated
n/a
clean
/usr/libexec/gnome-session-check-accelerated-gles-helper
/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer
clean
/usr/libexec/gnome-session-binary
n/a
clean
/usr/bin/session-migration
session-migration
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
clean
/usr/bin/gnome-shell
/usr/bin/gnome-shell
clean
/usr/bin/gnome-shell
n/a
clean
/usr/bin/ibus-daemon
ibus-daemon --panel disable --xim
clean
/usr/bin/ibus-daemon
n/a
clean
/usr/libexec/ibus-memconf
/usr/libexec/ibus-memconf
clean
/usr/bin/ibus-daemon
n/a
clean
/usr/bin/ibus-daemon
n/a
clean
/usr/libexec/ibus-x11
/usr/libexec/ibus-x11 --kill-daemon
clean
/usr/bin/ibus-daemon
n/a
clean
/usr/libexec/ibus-engine-simple
/usr/libexec/ibus-engine-simple
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
clean
/usr/libexec/gsd-sharing
/usr/libexec/gsd-sharing
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
clean
/usr/libexec/gsd-wacom
/usr/libexec/gsd-wacom
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
clean
/usr/libexec/gsd-color
/usr/libexec/gsd-color
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
clean
/usr/libexec/gsd-keyboard
/usr/libexec/gsd-keyboard
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
clean
/usr/libexec/gsd-print-notifications
/usr/libexec/gsd-print-notifications
clean
/usr/libexec/gsd-print-notifications
n/a
clean
/usr/libexec/gsd-print-notifications
n/a
clean
/usr/libexec/gsd-printer
/usr/libexec/gsd-printer
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
clean
/usr/libexec/gsd-rfkill
/usr/libexec/gsd-rfkill
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
clean
/usr/libexec/gsd-smartcard
/usr/libexec/gsd-smartcard
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
clean
/usr/libexec/gsd-datetime
/usr/libexec/gsd-datetime
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
clean
/usr/libexec/gsd-media-keys
/usr/libexec/gsd-media-keys
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
clean
/usr/libexec/gsd-screensaver-proxy
/usr/libexec/gsd-screensaver-proxy
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
clean
/usr/libexec/gsd-sound
/usr/libexec/gsd-sound
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
clean
/usr/libexec/gsd-a11y-settings
/usr/libexec/gsd-a11y-settings
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
clean
/usr/libexec/gsd-housekeeping
/usr/libexec/gsd-housekeeping
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
clean
/usr/libexec/gsd-power
/usr/libexec/gsd-power
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
clean
/usr/bin/spice-vdagent
/usr/bin/spice-vdagent
clean
/usr/libexec/gnome-session-binary
n/a
clean
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
clean
/usr/bin/xbrlapi
xbrlapi -q
clean
/usr/sbin/gdm3
n/a
clean
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
clean
/usr/sbin/gdm3
n/a
clean
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
clean
/usr/sbin/gdm3
n/a
clean
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
clean
/usr/lib/systemd/systemd
n/a
clean
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
clean
/usr/libexec/gvfsd-fuse
n/a
clean
/bin/fusermount
fusermount -u -q -z -- /run/user/1000/gvfs
clean
/usr/lib/systemd/systemd
n/a
clean
/lib/systemd/systemd-user-runtime-dir
/lib/systemd/systemd-user-runtime-dir stop 1000
clean
/usr/lib/systemd/systemd
n/a
clean
/lib/systemd/systemd-localed
/lib/systemd/systemd-localed
clean
/usr/lib/systemd/systemd
n/a
clean
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
clean
/usr/lib/systemd/systemd
n/a
clean
/usr/libexec/geoclue
/usr/libexec/geoclue
clean
/usr/lib/systemd/systemd
n/a
clean
/lib/systemd/systemd-hostnamed
/lib/systemd/systemd-hostnamed
clean
/usr/lib/systemd/systemd
n/a
clean
/lib/systemd/systemd-localed
/lib/systemd/systemd-localed
clean
/usr/lib/systemd/systemd
n/a
clean
/usr/libexec/fprintd
/usr/libexec/fprintd
clean

URLs

Name
IP
Malicious
http://schemas.xmlsoap.org/soap/encoding//%22%3E
unknown
clean
http://www.baidu.com/search/spider.html)
unknown
clean
http://www.billybobbot.com/crawler/)
unknown
clean
http://fast.no/support/crawler.asp)
unknown
clean
http://schemas.xmlsoap.org/soap/encoding/
unknown
clean
http://wiki.x.org
unknown
clean
http://23.94.22.102/bins/mips;
unknown
clean
http://schemas.xmlsoap.org/soap/envelope/
unknown
clean
http://upx.sf.net
unknown
clean
http://feedback.redkolibri.com/
unknown
clean
http://www.baidu.com/search/spider.htm)
unknown
clean
http://schemas.xmlsoap.org/soap/envelope//
unknown
clean
http://www.ubuntu.com/support)
unknown
clean

Domains

Name
IP
Malicious
daisy.ubuntu.com
162.213.33.132
clean

IPs
