Guten Abend liebe Community,
folgender Fall: Meine Frau und ich verwenden jeweils einen Lenovo All-In-One C260 (uralt). Heute stellen wir beim Dateien-hin-und-herschieben fest, dass laut der Rubrik "zuletzt verwendet" im Dateimanager Nautilus in einem sehr kurzen Zeitraum eine Menge Verzeichnisse verwendet wurden (die wir nicht verwendet haben).
Wir gingen so vor: Dateimanager öffnen > in Ordner Downloads wechseln > Datei auswählen > Option "Verschieben nach…" wählen > in der sich öffnenden Ansicht "zuletzt verwendet" auswählen.
So wurden bsw auf meinem PC im Zeitraum 17:02 Uhr bis 17:02 Uhr fast 40 Verzeichnisse geöffnet, obwohl ich in diesem Zeitraum eher zwei bis drei Dateien bearbeitet habe.
Wähle ich stattdessen ein neues Nautilus-Fenster und wähle (ohne den Zwischenschritt "Datei verschieben") die Rubrik "zuletzt verwendet", scheint alles normal zu sein und um 17:02 Uhr wurden gar keine Dokumente bzw Verzeichnisse geöffnet.
Nun machen wir uns Sorgen, dass unsere Systeme kompromittiert sein könnten.
Leider konnten wir bisher weder das exakte Programm, dass zugegriffen hat, isolieren noch andere nützliche Informationen heraus finden.
Die FRAGE: Hat jemand eine Idee, um heraus zu finden, wie und warum diese Dateizugriffe passiert sind?
Mit freundlichen Grüßen, Alexander
Verschiedene Terminalinfos:
Die Ausgabe von ls -lt zeigt nichts ungewöhnliches (soweit ich das beurteilen kann)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | Lenovo-C260:~$ ls -lt insgesamt 492 drwxr-xr-x 20 alexander alexander 4096 Mär 4 17:14 Bilder drwxr-xr-x 10 alexander alexander 32768 Mär 3 18:15 Downloads drwxr-xr-x 8 alexander alexander 4096 Mär 3 17:42 Schreibtisch drwxr-xr-x 274 alexander alexander 16384 Mär 2 07:57 Calibre-Bibliothek drwx------ 12 alexander alexander 4096 Mär 1 09:02 snap drwxr-xr-x 9 alexander alexander 4096 Feb 22 11:11 Videos drwxrwxr-x 2 alexander alexander 4096 Feb 18 16:17 dwhelper -rw-rw-r-- 1 alexander alexander 339916 Feb 15 18:11 Firefox_wallpaper.png drwxr-xr-x 35 alexander alexander 4096 Jän 22 15:54 Projekte drwxrwxr-x 3 alexander alexander 4096 Jän 19 17:22 usr drwxrwxr-x 4 alexander alexander 4096 Jän 19 17:16 texmf drwxrwxr-x 5 alexander alexander 4096 Nov 16 08:07 yEd drwxrwxr-x 6 alexander alexander 4096 Nov 15 15:28 IdeaProjects drwxr-xr-x 30 alexander alexander 4096 Nov 3 07:58 Dokumente drwxr-xr-x 8 alexander alexander 4096 Nov 2 08:54 Games drwxr-xr-x 99 alexander alexander 4096 Nov 2 08:08 Musik drwxr-xr-x 2 alexander alexander 4096 Nov 1 18:38 skripte drwxr-xr-x 2 alexander alexander 4096 Nov 1 18:38 ToDo drwxr-xr-x 4 alexander alexander 4096 Nov 1 18:12 'e-books, Zeitschriften, …' drwxr-xr-x 4 alexander alexander 4096 Nov 1 18:11 dvdrip-data drwxr-xr-x 6 alexander alexander 4096 Nov 1 16:45 Digital drwxr-xr-x 2 alexander alexander 4096 Nov 1 16:34 Akten drwxrwxr-x 2 alexander alexander 4096 Nov 1 13:25 Programme drwxr-xr-x 2 alexander alexander 4096 Okt 31 18:03 Öffentlich drwxr-xr-x 2 alexander alexander 4096 Okt 31 18:03 Vorlagen drwxrwxr-x 3 alexander alexander 4096 Okt 26 05:24 anki-2.1.49-linux drwxr-xr-x 6 alexander alexander 4096 Sep 5 14:50 DeveloperDeveloping drwxr-xr-x 3 alexander alexander 4096 Jul 7 2021 KA-Challenge drwxr-xr-x 3 alexander alexander 4096 Jul 26 2017 Notebooks drwxr-xr-x 3 alexander alexander 4096 Dez 28 2014 Emulation |
Testweise habe ich versucht, auf eines der betroffenen Verzeichnisse zuzugreifen: Die Ausgabe von stat dwhelper/: (eines der betroffenen Verzeichnisse)
1 2 3 4 5 6 7 8 9 | enovo-C260:~$ stat dwhelper/ Datei: dwhelper/ Größe: 4096 Blöcke: 8 EA Block: 4096 Verzeichnis Gerät: fd01h/64769d Inode: 22026852 Verknüpfungen: 2 Zugriff: (0775/drwxrwxr-x) Uid: ( 1000/alexander) Gid: ( 1000/alexander) Zugriff: 2022-03-04 17:02:34.888786487 +0100 Modifiziert: 2022-02-18 16:17:53.259792040 +0100 Geändert: 2022-02-18 16:17:53.259792040 +0100 Geburt: - |
Die Ausgabe von ps aux - zu sehen sind Prozesse um 17:02, aber ich werd nicht schlau draus):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 | Lenovo-C260:~$ ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.2 0.1 170072 13888 ? Ss 16:56 0:03 /sbin/init sp root 2 0.0 0.0 0 0 ? S 16:56 0:00 [kthreadd] root 3 0.0 0.0 0 0 ? I< 16:56 0:00 [rcu_gp] root 4 0.0 0.0 0 0 ? I< 16:56 0:00 [rcu_par_gp] root 6 0.0 0.0 0 0 ? I< 16:56 0:00 [kworker/0:0H root 9 0.0 0.0 0 0 ? I< 16:56 0:00 [mm_percpu_wq root 10 0.0 0.0 0 0 ? S 16:56 0:00 [rcu_tasks_ru root 11 0.0 0.0 0 0 ? S 16:56 0:00 [rcu_tasks_tr root 12 0.0 0.0 0 0 ? S 16:56 0:00 [ksoftirqd/0] root 13 0.1 0.0 0 0 ? I 16:56 0:01 [rcu_sched] root 14 0.0 0.0 0 0 ? S 16:56 0:00 [migration/0] root 15 0.0 0.0 0 0 ? S 16:56 0:00 [idle_inject/ root 16 0.0 0.0 0 0 ? S 16:56 0:00 [cpuhp/0] root 17 0.0 0.0 0 0 ? S 16:56 0:00 [cpuhp/1] root 18 0.0 0.0 0 0 ? S 16:56 0:00 [idle_inject/ root 19 0.0 0.0 0 0 ? S 16:56 0:00 [migration/1] root 20 0.0 0.0 0 0 ? S 16:56 0:00 [ksoftirqd/1] root 22 0.0 0.0 0 0 ? I< 16:56 0:00 [kworker/1:0H root 23 0.0 0.0 0 0 ? S 16:56 0:00 [cpuhp/2] root 24 0.0 0.0 0 0 ? S 16:56 0:00 [idle_inject/ root 25 0.0 0.0 0 0 ? S 16:56 0:00 [migration/2] root 26 0.0 0.0 0 0 ? S 16:56 0:00 [ksoftirqd/2] root 28 0.0 0.0 0 0 ? I< 16:56 0:00 [kworker/2:0H root 29 0.0 0.0 0 0 ? S 16:56 0:00 [cpuhp/3] root 30 0.0 0.0 0 0 ? S 16:56 0:00 [idle_inject/ root 31 0.0 0.0 0 0 ? S 16:56 0:00 [migration/3] root 32 0.0 0.0 0 0 ? S 16:56 0:00 [ksoftirqd/3] root 34 0.0 0.0 0 0 ? I< 16:56 0:00 [kworker/3:0H root 35 0.0 0.0 0 0 ? S 16:56 0:00 [kdevtmpfs] root 36 0.0 0.0 0 0 ? I< 16:56 0:00 [netns] root 37 0.0 0.0 0 0 ? I< 16:56 0:00 [inet_frag_wq root 38 0.0 0.0 0 0 ? S 16:56 0:00 [kauditd] root 39 0.0 0.0 0 0 ? S 16:56 0:00 [khungtaskd] root 40 0.0 0.0 0 0 ? S 16:56 0:00 [oom_reaper] root 41 0.0 0.0 0 0 ? I< 16:56 0:00 [writeback] root 42 0.0 0.0 0 0 ? S 16:56 0:00 [kcompactd0] root 43 0.0 0.0 0 0 ? SN 16:56 0:00 [ksmd] root 44 0.0 0.0 0 0 ? SN 16:56 0:00 [khugepaged] root 91 0.0 0.0 0 0 ? I< 16:56 0:00 [kintegrityd] root 92 0.0 0.0 0 0 ? I< 16:56 0:00 [kblockd] root 93 0.0 0.0 0 0 ? I< 16:56 0:00 [blkcg_punt_b root 95 0.0 0.0 0 0 ? I< 16:56 0:00 [tpm_dev_wq] root 96 0.0 0.0 0 0 ? I< 16:56 0:00 [ata_sff] root 97 0.0 0.0 0 0 ? I< 16:56 0:00 [md] root 98 0.0 0.0 0 0 ? I< 16:56 0:00 [edac-poller] root 99 0.0 0.0 0 0 ? I< 16:56 0:00 [devfreq_wq] root 100 0.0 0.0 0 0 ? S 16:56 0:00 [watchdogd] root 102 0.0 0.0 0 0 ? I< 16:56 0:00 [kworker/1:1H root 104 0.0 0.0 0 0 ? S 16:56 0:00 [kswapd0] root 105 0.0 0.0 0 0 ? S 16:56 0:00 [ecryptfs-kth root 107 0.0 0.0 0 0 ? I< 16:56 0:00 [kthrotld] root 109 0.0 0.0 0 0 ? I< 16:56 0:00 [acpi_thermal root 111 0.0 0.0 0 0 ? I< 16:56 0:00 [vfio-irqfd-c root 115 0.0 0.0 0 0 ? I< 16:56 0:00 [mld] root 116 0.0 0.0 0 0 ? I< 16:56 0:00 [ipv6_addrcon root 118 0.4 0.0 0 0 ? I 16:56 0:08 [kworker/u8:3 root 127 0.0 0.0 0 0 ? I< 16:56 0:00 [kstrp] root 130 0.0 0.0 0 0 ? I< 16:56 0:00 [zswap-shrink root 131 0.1 0.0 0 0 ? I< 16:56 0:02 [kworker/u9:0 root 136 0.0 0.0 0 0 ? I< 16:56 0:00 [charger_mana root 158 0.0 0.0 0 0 ? I< 16:56 0:00 [kworker/2:1H root 185 0.0 0.0 0 0 ? S 16:56 0:00 [scsi_eh_0] root 186 0.0 0.0 0 0 ? I< 16:56 0:00 [scsi_tmf_0] root 187 0.0 0.0 0 0 ? S 16:56 0:00 [scsi_eh_1] root 188 0.0 0.0 0 0 ? I< 16:56 0:00 [scsi_tmf_1] root 189 0.0 0.0 0 0 ? I< 16:56 0:00 [cryptd] root 195 0.5 0.0 0 0 ? I 16:56 0:09 [kworker/u8:4 root 196 0.0 0.0 0 0 ? S 16:56 0:00 [card0-crtc0] root 197 0.0 0.0 0 0 ? S 16:56 0:00 [card0-crtc1] root 198 0.0 0.0 0 0 ? I< 16:56 0:00 [kworker/0:1H root 201 0.0 0.0 0 0 ? I< 16:56 0:00 [kworker/3:1H root 399 0.0 0.0 0 0 ? I< 16:56 0:00 [kdmflush] root 413 0.0 0.0 0 0 ? I< 16:56 0:00 [kcryptd_io/2 root 414 0.0 0.0 0 0 ? I< 16:56 0:00 [kcryptd/253: root 415 0.0 0.0 0 0 ? S 16:56 0:00 [dmcrypt_writ root 418 0.0 0.0 0 0 ? I< 16:56 0:00 [kdmflush] root 420 0.0 0.0 0 0 ? I< 16:56 0:00 [kdmflush] root 462 0.5 0.0 0 0 ? I 16:56 0:09 [kworker/u8:5 root 463 0.0 0.0 0 0 ? S 16:56 0:00 [jbd2/dm-1-8] root 464 0.0 0.0 0 0 ? I< 16:56 0:00 [ext4-rsv-con root 523 0.0 0.2 51864 21456 ? S<s 16:56 0:01 /lib/systemd/ root 556 0.0 0.0 24484 7840 ? Ss 16:56 0:01 /lib/systemd/ root 563 0.0 0.0 0 0 ? S< 16:56 0:00 [loop0] root 566 0.0 0.0 0 0 ? S< 16:56 0:00 [loop1] root 568 0.0 0.0 0 0 ? S< 16:56 0:00 [loop2] root 570 0.0 0.0 0 0 ? S< 16:56 0:00 [loop3] root 576 0.0 0.0 0 0 ? S< 16:56 0:00 [loop4] root 585 0.0 0.0 0 0 ? S< 16:56 0:00 [loop5] root 592 0.0 0.0 0 0 ? S< 16:56 0:00 [loop6] root 602 0.0 0.0 0 0 ? S< 16:56 0:00 [loop7] root 617 0.0 0.0 0 0 ? S< 16:56 0:00 [loop8] root 628 0.0 0.0 0 0 ? S< 16:56 0:00 [loop9] root 629 0.0 0.0 0 0 ? S< 16:56 0:00 [loop10] root 630 0.0 0.0 0 0 ? S< 16:56 0:00 [loop11] root 631 0.0 0.0 0 0 ? S< 16:56 0:00 [loop12] root 633 0.0 0.0 0 0 ? S< 16:56 0:00 [loop13] root 634 0.0 0.0 0 0 ? S< 16:56 0:00 [loop14] root 635 0.0 0.0 0 0 ? S< 16:56 0:00 [loop15] root 638 0.0 0.0 0 0 ? S< 16:56 0:00 [loop16] root 641 0.0 0.0 0 0 ? S< 16:56 0:00 [loop17] root 649 0.0 0.0 0 0 ? S< 16:56 0:00 [loop18] root 656 0.0 0.0 0 0 ? S 16:56 0:00 [irq/94-mei_t root 657 0.0 0.0 0 0 ? S< 16:56 0:00 [loop19] root 667 0.0 0.0 0 0 ? I< 16:56 0:00 [cfg80211] root 671 0.0 0.0 0 0 ? S< 16:57 0:00 [loop20] root 680 0.0 0.0 0 0 ? S< 16:57 0:00 [loop21] root 686 0.0 0.0 0 0 ? S< 16:57 0:00 [loop22] root 695 0.0 0.0 0 0 ? S< 16:57 0:00 [loop23] root 702 0.0 0.0 0 0 ? I< 16:57 0:00 [kmemstick] root 707 0.0 0.0 0 0 ? S< 16:57 0:00 [loop24] root 721 0.0 0.0 0 0 ? S 16:57 0:00 [irq/86-soc_d root 723 0.0 0.0 0 0 ? S< 16:57 0:00 [loop25] root 733 0.0 0.0 0 0 ? S< 16:57 0:00 [loop26] root 739 0.0 0.0 0 0 ? S< 16:57 0:00 [loop27] root 759 0.0 0.0 0 0 ? S< 16:57 0:00 [loop28] root 771 0.0 0.0 0 0 ? S< 16:57 0:00 [loop29] root 775 0.0 0.0 0 0 ? S< 16:57 0:00 [loop30] root 788 0.0 0.0 0 0 ? S< 16:57 0:00 [loop31] root 899 0.0 0.0 0 0 ? S 16:57 0:00 [jbd2/sda5-8] root 900 0.0 0.0 0 0 ? I< 16:57 0:00 [ext4-rsv-con systemd+ 922 0.0 0.1 24000 13388 ? Ss 16:57 0:00 /lib/systemd/ systemd+ 925 0.0 0.0 90220 6036 ? Ssl 16:57 0:00 /lib/systemd/ root 981 0.0 0.0 239256 7972 ? Ssl 16:57 0:00 /usr/lib/acco root 982 0.0 0.0 2548 772 ? Ss 16:57 0:00 /usr/sbin/acp avahi 985 0.0 0.0 8536 3548 ? Ss 16:57 0:00 avahi-daemon: root 986 0.0 0.0 9780 2888 ? Ss 16:57 0:00 /usr/sbin/cro message+ 990 0.1 0.0 10020 6764 ? Ss 16:57 0:03 /usr/bin/dbus root 991 0.0 0.2 336868 20292 ? Ssl 16:57 0:00 /usr/sbin/Net root 999 0.0 0.0 81900 3672 ? Ssl 16:57 0:00 /usr/sbin/irq root 1000 0.0 0.2 39756 20128 ? Ss 16:57 0:00 /usr/bin/pyth root 1008 0.2 0.1 241976 11528 ? Ssl 16:57 0:03 /usr/lib/poli syslog 1018 0.0 0.0 224352 4876 ? Ssl 16:57 0:00 /usr/sbin/rsy root 1028 0.2 0.4 1094972 39744 ? Ssl 16:57 0:03 /usr/lib/snap root 1029 0.0 0.0 236088 6008 ? Ssl 16:57 0:00 /usr/libexec/ root 1031 0.0 0.1 16740 8264 ? Ss 16:57 0:00 /lib/systemd/ root 1033 0.0 0.1 126624 9208 ? Ssl 16:57 0:00 /usr/sbin/the root 1035 0.0 0.1 393528 14556 ? Ssl 16:57 0:00 /usr/lib/udis root 1037 0.0 0.0 13684 4868 ? Ss 16:57 0:00 /sbin/wpa_sup avahi 1044 0.0 0.0 8348 324 ? S 16:57 0:00 avahi-daemon: root 1118 0.0 0.1 240728 10516 ? Ssl 16:57 0:00 /usr/sbin/Mod colord 1122 0.0 0.2 247884 16104 ? Ssl 16:57 0:00 /usr/libexec/ root 1124 0.0 0.1 178568 12924 ? Ssl 16:57 0:00 /usr/sbin/cup root 1135 0.0 0.2 118388 23060 ? Ssl 16:57 0:00 /usr/bin/pyth root 1161 0.0 0.1 240140 8724 ? Ssl 16:57 0:00 /usr/sbin/gdm root 1182 0.0 0.0 6556 4568 ? Ss 16:57 0:00 /usr/sbin/apa www-data 1183 0.0 0.0 1932332 4424 ? Sl 16:57 0:00 /usr/sbin/apa www-data 1184 0.0 0.0 1932332 4424 ? Sl 16:57 0:00 /usr/sbin/apa postgres 1262 0.0 0.3 218848 29344 ? Ss 16:57 0:00 /usr/lib/post postgres 1278 0.0 0.0 218972 6748 ? Ss 16:57 0:00 postgres: 12/ postgres 1279 0.0 0.0 218984 6252 ? Ss 16:57 0:00 postgres: 12/ postgres 1280 0.0 0.1 218848 10348 ? Ss 16:57 0:00 postgres: 12/ postgres 1281 0.0 0.1 219412 8752 ? Ss 16:57 0:00 postgres: 12/ postgres 1282 0.0 0.0 73344 5112 ? Ss 16:57 0:00 postgres: 12/ postgres 1283 0.0 0.0 219408 6860 ? Ss 16:57 0:00 postgres: 12/ rtkit 1317 0.0 0.0 152936 2904 ? SNsl 16:57 0:00 /usr/libexec/ root 1374 0.0 0.0 8264 4556 ? Ss 16:57 0:00 /usr/lib/blue root 1426 0.0 0.1 252696 9932 ? Ssl 16:57 0:00 /usr/lib/upow root 1438 0.0 0.1 28804 9000 ? Ss 16:57 0:00 /usr/sbin/cup lp 1448 0.0 0.0 15332 6568 ? S 16:57 0:00 /usr/lib/cups clamav 1532 0.1 0.2 135604 17112 ? Ss 16:57 0:02 /usr/bin/fres whoopsie 1549 0.0 0.1 326896 15736 ? Ssl 16:57 0:00 /usr/bin/whoo kernoops 1559 0.0 0.0 11260 444 ? Ss 16:57 0:00 /usr/sbin/ker kernoops 1572 0.0 0.0 11260 440 ? Ss 16:57 0:00 /usr/sbin/ker root 1758 0.0 0.0 0 0 ? I< 16:57 0:00 [kworker/u9:1 root 1812 0.1 1.0 437584 82176 ? Ssl 16:59 0:02 /usr/libexec/ root 1979 0.1 0.0 0 0 ? I 17:02 0:02 [kworker/2:1- root 1985 0.0 0.1 169768 10604 ? Sl 17:02 0:00 gdm-session-w root 1996 0.0 0.0 0 0 ? I 17:02 0:01 [kworker/3:0- alexand+ 2000 0.1 0.1 19524 11024 ? Ss 17:02 0:01 /lib/systemd/ alexand+ 2001 0.0 0.0 173528 6300 ? S 17:02 0:00 (sd-pam) alexand+ 2006 0.0 0.2 2532580 21292 ? S<sl 17:02 0:00 /usr/bin/puls alexand+ 2008 1.0 0.4 925612 32604 ? SNsl 17:02 0:14 /usr/libexec/ alexand+ 2011 0.0 0.0 9960 7000 ? Ss 17:02 0:01 /usr/bin/dbus alexand+ 2016 0.0 0.0 240892 7816 ? Sl 17:02 0:00 /usr/bin/gnom alexand+ 2032 0.0 0.0 240264 7972 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2037 0.0 0.0 378344 6504 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2044 0.0 0.1 314824 9980 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2052 0.0 0.0 238636 6272 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2054 0.0 0.0 164544 6704 tty2 Ssl+ 17:02 0:00 /usr/lib/gdm3 alexand+ 2056 7.6 0.6 331800 55388 tty2 Sl+ 17:02 1:43 /usr/lib/xorg alexand+ 2060 0.0 0.0 236228 5936 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2065 0.0 0.0 236432 6308 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2069 0.0 0.4 548116 37736 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2078 0.0 0.1 315440 9152 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2083 0.0 0.1 317280 8976 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2108 0.0 0.1 188776 13916 tty2 Sl+ 17:02 0:00 /usr/libexec/ alexand+ 2175 0.0 0.0 6040 452 ? Ss 17:02 0:00 /usr/bin/ssh- alexand+ 2193 0.0 0.0 305468 6752 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2198 0.0 0.0 7376 4308 ? S 17:02 0:00 /usr/bin/dbus alexand+ 2205 0.0 0.0 90600 4184 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2212 0.0 0.2 485516 16444 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2226 9.8 3.1 3931520 256468 ? Ssl 17:02 2:13 /usr/bin/gnom alexand+ 2247 0.0 0.1 311612 8680 ? Sl 17:02 0:00 ibus-daemon - alexand+ 2251 0.0 0.0 163380 7252 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2252 0.2 0.3 273784 29276 ? Sl 17:02 0:03 /usr/libexec/ alexand+ 2254 0.0 0.3 194532 24700 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2258 0.0 0.0 237020 7356 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2268 0.0 0.0 162872 7580 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2272 0.0 0.0 236264 6596 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2276 0.0 0.2 581164 20160 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2283 0.0 0.3 391120 25656 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2292 0.0 0.3 839544 30744 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2297 0.0 0.0 156496 6108 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2311 0.0 0.3 674052 30076 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2328 6.4 2.1 1554868 170188 ? Sl 17:02 1:26 /usr/bin/naut alexand+ 2330 0.0 0.3 2734376 27080 ? Sl 17:02 0:00 /usr/bin/gjs alexand+ 2338 0.0 0.1 314672 8236 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2347 0.0 0.0 310444 6724 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2348 0.0 0.3 575040 26204 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2350 0.0 0.2 374404 16472 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2351 0.0 0.1 312856 8280 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2353 0.0 0.3 342688 25428 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2354 0.0 0.3 1021124 29384 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2355 0.0 0.3 416740 25720 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2360 0.0 0.1 248964 11612 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2365 0.0 0.0 457684 6128 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2366 0.0 0.0 236092 6500 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2371 0.0 0.1 465564 10440 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2373 0.0 0.1 389676 8780 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2376 0.0 0.1 320136 9556 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2381 0.0 0.0 385752 7360 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2383 0.0 0.3 342060 24640 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2384 0.0 0.1 314808 8412 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2385 0.0 0.3 345196 27692 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2398 0.0 0.7 639280 60104 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2399 0.0 0.0 231800 6316 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2425 0.0 0.9 499388 74064 ? Ssl 17:02 0:01 /usr/bin/pyth alexand+ 2475 0.0 0.1 342768 15068 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2488 0.0 0.0 163368 7236 ? Sl 17:02 0:00 /usr/libexec/ alexand+ 2491 1.4 2.7 1110232 223408 ? Sl 17:02 0:19 /snap/snap-st alexand+ 2518 0.0 0.0 458192 6748 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2541 0.0 0.6 497904 52956 ? Sl 17:02 0:00 /usr/lib/x86_ alexand+ 2545 0.0 0.3 66164 25796 ? S 17:02 0:00 /usr/bin/pyth alexand+ 2546 0.0 0.2 51080 18548 ? S 17:02 0:00 /usr/bin/pyth alexand+ 2632 0.0 0.1 463284 10664 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2637 0.0 0.3 493336 28360 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 2659 27.2 8.8 4089376 709868 ? Sl 17:02 6:04 /usr/lib/fire alexand+ 2800 0.0 0.0 163644 7380 ? Ssl 17:02 0:00 /usr/libexec/ alexand+ 3149 0.0 0.5 198700 43136 ? Sl 17:02 0:00 /usr/lib/fire alexand+ 3208 0.3 1.3 2441856 112440 ? Sl 17:02 0:04 /usr/lib/fire alexand+ 3310 0.1 1.2 2415632 99608 ? Sl 17:02 0:01 /usr/lib/fire alexand+ 3334 11.4 3.4 9179232 281160 ? Sl 17:02 2:32 /usr/lib/fire alexand+ 3419 1.1 2.1 2524548 176528 ? Sl 17:02 0:15 /usr/lib/fire alexand+ 3435 2.2 2.2 2582972 183328 ? Sl 17:02 0:29 /usr/lib/fire alexand+ 3546 0.0 0.6 316288 49176 ? Sl 17:02 0:00 /usr/lib/fire root 4053 0.1 0.0 0 0 ? I 17:03 0:02 [kworker/u8:0 alexand+ 4078 0.0 0.3 419612 30360 ? Sl 17:03 0:00 update-notifi alexand+ 4123 0.0 0.1 317088 11480 ? Sl 17:03 0:00 /usr/libexec/ alexand+ 4143 0.0 0.1 388588 8668 ? Sl 17:04 0:00 /usr/libexec/ alexand+ 4158 0.0 0.1 315540 8380 ? Sl 17:04 0:00 /usr/libexec/ alexand+ 4254 0.6 1.7 2481356 143800 ? Sl 17:05 0:07 /usr/lib/fire alexand+ 4320 3.2 2.4 2596844 199484 ? Sl 17:06 0:36 /usr/lib/fire alexand+ 4390 0.6 1.8 2508804 151432 ? Sl 17:06 0:07 /usr/lib/fire alexand+ 4462 0.5 1.8 2490908 151052 ? Sl 17:06 0:05 /usr/lib/fire root 4491 0.1 0.0 0 0 ? I 17:07 0:01 [kworker/0:0- root 4493 0.0 0.0 0 0 ? I 17:07 0:00 [kworker/1:2- alexand+ 4514 0.4 0.7 827068 58508 ? Ssl 17:07 0:04 /usr/libexec/ alexand+ 4522 0.0 0.0 11240 5164 pts/0 Ss+ 17:07 0:00 bash alexand+ 4623 0.3 1.5 2476204 126556 ? Sl 17:10 0:03 /usr/lib/fire alexand+ 4705 0.6 1.8 2483068 151768 ? Sl 17:11 0:05 /usr/lib/fire alexand+ 4762 1.0 2.1 2561024 173220 ? Sl 17:11 0:08 /usr/lib/fire alexand+ 4800 0.4 1.6 2462720 134276 ? Sl 17:11 0:03 /usr/lib/fire root 4924 0.0 0.0 0 0 ? I 17:12 0:00 [kworker/u8:6 alexand+ 4977 1.6 1.6 2468152 132468 ? Sl 17:13 0:10 /usr/lib/fire root 5072 0.0 0.0 0 0 ? I 17:14 0:00 [kworker/1:0- alexand+ 5243 0.6 1.8 2476368 145592 ? Sl 17:16 0:03 /usr/lib/fire alexand+ 5274 0.0 0.0 11372 5428 pts/1 Ss+ 17:16 0:00 bash root 5314 0.0 0.0 0 0 ? I 17:17 0:00 [kworker/3:2- root 5333 0.1 0.0 0 0 ? I 17:17 0:00 [kworker/0:1- root 5334 0.1 0.0 0 0 ? I 17:17 0:00 [kworker/2:0- root 5413 0.0 0.0 0 0 ? I 17:21 0:00 [kworker/1:1- alexand+ 5480 1.8 1.6 2461996 133084 ? Sl 17:22 0:02 /usr/lib/fire root 5503 0.5 0.0 0 0 ? I 17:22 0:00 [kworker/2:2- root 5504 0.1 0.0 0 0 ? I 17:23 0:00 [kworker/3:1- root 5510 0.0 0.0 0 0 ? I 17:23 0:00 [kworker/u8:1 alexand+ 5571 0.4 0.9 2391596 77000 ? Sl 17:23 0:00 /usr/lib/fire alexand+ 5622 0.6 0.9 2390312 76104 ? Sl 17:23 0:00 /usr/lib/fire alexand+ 5664 0.6 0.9 2390312 77172 ? Sl 17:24 0:00 /usr/lib/fire alexand+ 5720 0.5 0.0 11240 5144 pts/2 Ss 17:24 0:00 bash root 5739 0.0 0.0 0 0 ? I 17:24 0:00 [kworker/0:2- alexand+ 5740 0.0 0.0 11932 3552 pts/2 R+ 17:24 0:00 ps aux |