IOC Report
na.elf

Files

File Path
Type
Category
Malicious
na.elf
ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
initial sample
malicious
/var/log/wtmp
data
dropped
malicious
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
ASCII text
dropped
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
ASCII text
dropped
/proc/5631/oom_score_adj
very short file (no magic)
dropped
/proc/5634/oom_score_adj
very short file (no magic)
dropped
/proc/5636/oom_score_adj
very short file (no magic)
dropped
/proc/5638/oom_score_adj
very short file (no magic)
dropped
/proc/5640/oom_score_adj
very short file (no magic)
dropped
/proc/5642/oom_score_adj
very short file (no magic)
dropped
/proc/5645/oom_score_adj
very short file (no magic)
dropped
/proc/5724/oom_score_adj
very short file (no magic)
dropped
/proc/5752/oom_score_adj
very short file (no magic)
dropped
/proc/5755/oom_score_adj
very short file (no magic)
dropped
/proc/5757/oom_score_adj
very short file (no magic)
dropped
/proc/5761/oom_score_adj
very short file (no magic)
dropped
/proc/5763/oom_score_adj
very short file (no magic)
dropped
/proc/5765/oom_score_adj
very short file (no magic)
dropped
/proc/5768/oom_score_adj
very short file (no magic)
dropped
/proc/5947/oom_score_adj
very short file (no magic)
dropped
/proc/6105/oom_score_adj
very short file (no magic)
dropped
/proc/6126/oom_score_adj
very short file (no magic)
dropped
/proc/6340/oom_score_adj
very short file (no magic)
dropped
/run/avahi-daemon/pid
ASCII text
dropped
/run/gdm3.pid
ASCII text
dropped
/run/systemd/inhibit/.#12u1eDV
ASCII text
dropped
/run/systemd/inhibit/.#2GDtJoU
ASCII text
dropped
/run/systemd/inhibit/.#3eaWt7X
ASCII text
dropped
/run/systemd/inhibit/.#4JVsO5X
ASCII text
dropped
/run/systemd/seats/.#seat0Njj6ZU
ASCII text
dropped
/run/systemd/seats/.#seat0kTR4KW
ASCII text
dropped
/run/systemd/seats/.#seat0lczUtX
ASCII text
dropped
/run/systemd/seats/.#seat0o48q5T
ASCII text
dropped
/run/systemd/seats/.#seat0qVyVCX
ASCII text
dropped
/run/systemd/seats/.#seat0ssUUOX
ASCII text
dropped
/run/systemd/seats/.#seat0wrsKvV
ASCII text
dropped
/run/systemd/sessions/.#c1Bv606W
ASCII text
dropped
/run/systemd/sessions/.#c1EgYguU
ASCII text
dropped
/run/systemd/sessions/.#c1GAD4dV
ASCII text
dropped
/run/systemd/sessions/.#c1MneO4T
ASCII text
dropped
/run/systemd/sessions/.#c1R3Lb3T
ASCII text
dropped
/run/systemd/sessions/.#c1Rq5OdU
ASCII text
dropped
/run/systemd/sessions/.#c1uo1PVW
ASCII text
dropped
/run/systemd/sessions/.#c20EhCSW
ASCII text
dropped
/run/systemd/sessions/.#c21LkI5X
ASCII text
dropped
/run/systemd/sessions/.#c26Q9cQU
ASCII text
dropped
/run/systemd/sessions/.#c28pv7aX
ASCII text
dropped
/run/systemd/sessions/.#c2JFu0eV
ASCII text
dropped
/run/systemd/sessions/.#c2gOKhDV
ASCII text
dropped
/run/systemd/sessions/.#c2q2utUX
ASCII text
dropped
/run/systemd/sessions/.#c2y2QSzX
ASCII text
dropped
/run/systemd/users/.#12735aB7T
ASCII text
dropped
/run/systemd/users/.#1275KRIlW
ASCII text
dropped
/run/systemd/users/.#127A7YetV
ASCII text
dropped
/run/systemd/users/.#127IOV4PT
ASCII text
dropped
/run/systemd/users/.#127Iyp7fW
ASCII text
dropped
/run/systemd/users/.#127SBljFX
ASCII text
dropped
/run/systemd/users/.#127UnD19W
ASCII text
dropped
/run/systemd/users/.#127Yfq1fX
ASCII text
dropped
/run/systemd/users/.#127Z7FW4T
ASCII text
dropped
/run/systemd/users/.#127qlsbhV
ASCII text
dropped
/run/systemd/users/.#127sLJRrU
ASCII text
dropped
/run/systemd/users/.#127xykiMX
ASCII text
dropped
/run/user/1000/pulse/pid
ASCII text
dropped
/run/user/127/ICEauthority
TTComp archive data, binary, 1K dictionary
dropped
/run/user/127/dconf/user
very short file (no magic)
dropped
/run/user/127/gdm/Xauthority
X11 Xauthority data
dropped
/run/user/127/pulse/pid
ASCII text
dropped
/run/utmp
data
dropped
/tmp/qemu-open.Wn0gnn (deleted)
data
dropped
/tmp/qemu-open.mglKoN (deleted)
data
dropped
/tmp/server-0.xkm
Compiled XKB Keymap: lsb, version 15
dropped
/var/lib/AccountsService/users/gdm.EUQDV2
ASCII text
dropped
/var/lib/AccountsService/users/gdm.VZ1NV2
ASCII text
dropped
/var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0
ASCII text
dropped
/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
very short file (no magic)
dropped
/var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
very short file (no magic)
dropped
/var/lib/ubuntu-drivers-common/last_gfx_boot
ASCII text
dropped
/var/log/Xorg.0.log
JSON data
dropped
/var/log/auth.log
ASCII text
dropped
/var/log/gpu-manager.log
ASCII text
dropped
/var/log/kern.log
ASCII text
dropped
/var/log/syslog
ASCII text
dropped
73 further files are not shown in this report.

Processes

Path
Cmdline
Malicious
/tmp/na.elf
/tmp/na.elf
/tmp/na.elf
-
/tmp/na.elf
-
/tmp/na.elf
-
/tmp/na.elf
-
/tmp/na.elf
-
/tmp/na.elf
-
/tmp/na.elf
-
/tmp/na.elf
-
/usr/sbin/gdm3
-
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/lib/systemd/systemd
-
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
-
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
/usr/lib/systemd/systemd
-
/usr/sbin/rsyslogd
/usr/sbin/rsyslogd -n -iNONE
/usr/sbin/gdm3
-
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/sbin/gdm3
-
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/libexec/gvfsd-fuse
-
/bin/fusermount
fusermount -u -q -z -- /run/user/1000/gvfs
/usr/lib/systemd/systemd
-
/usr/libexec/rtkit-daemon
/usr/libexec/rtkit-daemon
/usr/lib/systemd/systemd
-
/lib/systemd/systemd-logind
/lib/systemd/systemd-logind
/usr/lib/systemd/systemd
-
/usr/lib/policykit-1/polkitd
/usr/lib/policykit-1/polkitd --no-debug
/usr/lib/systemd/systemd
-
/usr/bin/gpu-manager
/usr/bin/gpu-manager --log /var/log/gpu-manager.log
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/usr/bin/gpu-manager
-
/bin/sh
sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
/bin/sh
-
/usr/bin/grep
grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
/usr/lib/systemd/systemd
-
/sbin/agetty
/sbin/agetty -o "-p -- \\u" --noclear tty2 linux
/usr/lib/systemd/systemd
-
/usr/share/gdm/generate-config
/usr/share/gdm/generate-config
/usr/share/gdm/generate-config
-
/usr/bin/pkill
pkill --signal HUP --uid gdm dconf-service
/usr/lib/systemd/systemd
-
/usr/lib/gdm3/gdm-wait-for-drm
/usr/lib/gdm3/gdm-wait-for-drm
/usr/lib/systemd/systemd
-
/usr/sbin/gdm3
/usr/sbin/gdm3
/usr/sbin/gdm3
-
/usr/bin/plymouth
plymouth --ping
/usr/sbin/gdm3
-
/usr/lib/gdm3/gdm-session-worker
"gdm-session-worker [pam/gdm-launch-environment]"
/usr/lib/gdm3/gdm-session-worker
-
/usr/lib/gdm3/gdm-wayland-session
/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
/usr/lib/gdm3/gdm-wayland-session
-
/usr/bin/dbus-run-session
dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
/usr/bin/dbus-run-session
-
/usr/bin/dbus-daemon
dbus-daemon --nofork --print-address 4 --session
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-run-session
-
/usr/bin/gnome-session
gnome-session --autostart /usr/share/gdm/greeter/autostart
/usr/libexec/gnome-session-binary
/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
/usr/libexec/gnome-session-binary
-
/usr/bin/session-migration
session-migration
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
/usr/bin/gnome-shell
/usr/bin/gnome-shell
/usr/sbin/gdm3
-
/usr/lib/gdm3/gdm-session-worker
"gdm-session-worker [pam/gdm-launch-environment]"
/usr/lib/gdm3/gdm-session-worker
-
/usr/lib/gdm3/gdm-x-session
/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
/usr/lib/gdm3/gdm-x-session
-
/usr/bin/Xorg
/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
/usr/lib/xorg/Xorg.wrap
/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
/usr/lib/xorg/Xorg
/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3
/usr/lib/xorg/Xorg
-
/bin/sh
sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
/bin/sh
-
/usr/bin/xkbcomp
/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
/usr/lib/xorg/Xorg
-
/bin/sh
sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
/bin/sh
-
/usr/bin/xkbcomp
/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
/usr/lib/gdm3/gdm-x-session
-
/etc/gdm3/Prime/Default
/etc/gdm3/Prime/Default
/usr/lib/gdm3/gdm-x-session
-
/usr/bin/dbus-run-session
dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
/usr/bin/dbus-run-session
-
/usr/bin/dbus-daemon
dbus-daemon --nofork --print-address 4 --session
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/usr/libexec/at-spi-bus-launcher
/usr/libexec/at-spi-bus-launcher
/usr/libexec/at-spi-bus-launcher
-
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/usr/libexec/at-spi2-registryd
/usr/libexec/at-spi2-registryd --use-gnome-session
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/usr/libexec/ibus-portal
/usr/libexec/ibus-portal
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/usr/bin/gjs
/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
/usr/bin/dbus-daemon
-
/usr/bin/dbus-daemon
-
/bin/false
/bin/false
/usr/bin/dbus-run-session
-
/usr/bin/gnome-session
gnome-session --autostart /usr/share/gdm/greeter/autostart
/usr/libexec/gnome-session-binary
/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
/usr/libexec/gnome-session-binary
-
/usr/libexec/gnome-session-check-accelerated
/usr/libexec/gnome-session-check-accelerated
/usr/libexec/gnome-session-check-accelerated
-
/usr/libexec/gnome-session-check-accelerated-gl-helper
/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer
/usr/libexec/gnome-session-check-accelerated
-
/usr/libexec/gnome-session-check-accelerated-gles-helper
/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer
/usr/libexec/gnome-session-binary
-
/usr/bin/session-migration
session-migration
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
/usr/bin/gnome-shell
/usr/bin/gnome-shell
/usr/bin/gnome-shell
-
/usr/bin/ibus-daemon
ibus-daemon --panel disable --xim
/usr/bin/ibus-daemon
-
/usr/libexec/ibus-memconf
/usr/libexec/ibus-memconf
/usr/bin/ibus-daemon
-
/usr/bin/ibus-daemon
-
/usr/libexec/ibus-x11
/usr/libexec/ibus-x11 --kill-daemon
/usr/bin/ibus-daemon
-
/usr/libexec/ibus-engine-simple
/usr/libexec/ibus-engine-simple
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
/usr/libexec/gsd-sharing
/usr/libexec/gsd-sharing
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
/usr/libexec/gsd-wacom
/usr/libexec/gsd-wacom
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
/usr/libexec/gsd-color
/usr/libexec/gsd-color
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
/usr/libexec/gsd-keyboard
/usr/libexec/gsd-keyboard
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
/usr/libexec/gsd-print-notifications
/usr/libexec/gsd-print-notifications
/usr/libexec/gsd-print-notifications
-
/usr/libexec/gsd-print-notifications
-
/usr/libexec/gsd-printer
/usr/libexec/gsd-printer
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
/usr/libexec/gsd-rfkill
/usr/libexec/gsd-rfkill
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
/usr/libexec/gsd-smartcard
/usr/libexec/gsd-smartcard
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
/usr/libexec/gsd-datetime
/usr/libexec/gsd-datetime
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
/usr/libexec/gsd-media-keys
/usr/libexec/gsd-media-keys
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
/usr/libexec/gsd-screensaver-proxy
/usr/libexec/gsd-screensaver-proxy
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
/usr/libexec/gsd-sound
/usr/libexec/gsd-sound
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
/usr/libexec/gsd-a11y-settings
/usr/libexec/gsd-a11y-settings
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
/usr/libexec/gsd-housekeeping
/usr/libexec/gsd-housekeeping
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
/usr/libexec/gsd-power
/usr/libexec/gsd-power
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent
/usr/bin/spice-vdagent
/usr/bin/spice-vdagent
/usr/libexec/gnome-session-binary
-
/bin/sh
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q
/usr/bin/xbrlapi
xbrlapi -q
/usr/sbin/gdm3
-
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/sbin/gdm3
-
/etc/gdm3/PrimeOff/Default
/etc/gdm3/PrimeOff/Default
/usr/lib/systemd/systemd
-
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
/usr/lib/accountsservice/accounts-daemon
-
/usr/share/language-tools/language-validate
/usr/share/language-tools/language-validate en_US.UTF-8
/usr/share/language-tools/language-validate
-
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
/usr/share/language-tools/language-options
-
/bin/sh
sh -c "locale -a | grep -F .utf8 "
/bin/sh
-
/usr/bin/locale
locale -a
/bin/sh
-
/usr/bin/grep
grep -F .utf8
/usr/lib/systemd/systemd
-
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
-
/lib/systemd/systemd-localed
/lib/systemd/systemd-localed
/usr/lib/systemd/systemd
-
/usr/lib/upower/upowerd
/usr/lib/upower/upowerd
/usr/lib/systemd/systemd
-
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
/usr/lib/systemd/systemd
-
/usr/libexec/geoclue
/usr/libexec/geoclue
/usr/lib/systemd/systemd
-
/sbin/wpa_supplicant
/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
/usr/lib/systemd/systemd
-
/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
/usr/lib/systemd/systemd
-
/usr/sbin/avahi-daemon
/usr/sbin/avahi-daemon -s
/usr/sbin/avahi-daemon
-
/usr/lib/systemd/systemd
-
/usr/lib/packagekit/packagekitd
/usr/lib/packagekit/packagekitd
/usr/lib/packagekit/packagekitd
-
/usr/bin/dpkg
/usr/bin/dpkg --print-foreign-architectures
/usr/lib/systemd/systemd
-
/usr/bin/pulseaudio
/usr/bin/pulseaudio --daemonize=no --log-target=journal
/usr/lib/systemd/systemd
-
/lib/systemd/systemd-hostnamed
/lib/systemd/systemd-hostnamed
/usr/lib/systemd/systemd
-
/usr/sbin/ModemManager
/usr/sbin/ModemManager --filter-policy=strict
/usr/lib/systemd/systemd
-
/usr/libexec/colord
/usr/libexec/colord
/usr/libexec/colord
-
/usr/libexec/colord-sane
/usr/libexec/colord-sane
/usr/lib/systemd/systemd
-
/lib/systemd/systemd-localed
/lib/systemd/systemd-localed
/usr/lib/systemd/systemd
-
/usr/libexec/fprintd
/usr/libexec/fprintd
287 further processes are not shown in this report.

URLs

Name
IP
Malicious
https://www.rsyslog.com
unknown
http://wiki.x.org
unknown
http://www.ubuntu.com/support)
unknown

Domains

Name
IP
Malicious
byte-mirai.kro.kr
154.216.20.119

IPs


Memdumps
