Processes
| Path | Cmdline | Malicious | |
|---|---|---|---|
| /usr/bin/dash | - | | |
| /usr/bin/rm | rm -f /tmp/tmp.xhX4QP054m /tmp/tmp.lQdjLJkcpS /tmp/tmp.OZess4uDXl | | |
| /usr/bin/dash | - | | |
| /usr/bin/rm | rm -f /tmp/tmp.xhX4QP054m /tmp/tmp.lQdjLJkcpS /tmp/tmp.OZess4uDXl | | |
| /tmp/2.elf | /tmp/2.elf | | |
| /tmp/2.elf | - | | |
| /tmp/2.elf | - | | |
| /tmp/2.elf | - | | |
| /tmp/2.elf | - | | |
| /tmp/2.elf | - | | |
| /usr/bin/xfce4-panel | - | | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" | | |
| /usr/bin/xfce4-panel | - | | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" | | |
| /usr/bin/xfce4-panel | - | | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" | | |
| /usr/bin/xfce4-panel | - | | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" | | |
| /usr/bin/xfce4-panel | - | | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" | | |
| /usr/bin/xfce4-panel | - | | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" | | |
There are 12 further hidden processes that are not shown in this listing.
URLs
| Name | IP | Malicious | |
|---|---|---|---|
| http://1/wget.sh | unknown | | |
| http://schemas.xmlsoap.org/soap/encoding/ | unknown | | |
| http://9/curl.sh | unknown | | |
| http://schemas.xmlsoap.org/soap/envelope/ | unknown | | |
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
197.154.8.95
|
unknown
|
Ethiopia
|
||
41.160.223.152
|
unknown
|
South Africa
|
||
197.173.220.111
|
unknown
|
South Africa
|
||
125.227.201.233
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
195.166.221.243
|
unknown
|
Gibraltar
|
||
197.129.211.53
|
unknown
|
Morocco
|
||
157.71.232.56
|
unknown
|
Japan
|
||
197.109.134.88
|
unknown
|
South Africa
|
||
41.122.249.211
|
unknown
|
South Africa
|
||
41.77.4.232
|
unknown
|
Zambia
|
||
41.21.252.9
|
unknown
|
South Africa
|
||
166.73.218.156
|
unknown
|
United States
|
||
197.32.129.181
|
unknown
|
Egypt
|
||
133.214.188.203
|
unknown
|
Japan
|
||
41.212.254.194
|
unknown
|
Mauritius
|
||
200.244.158.184
|
unknown
|
Brazil
|
||
197.211.102.48
|
unknown
|
Malawi
|
||
157.53.82.117
|
unknown
|
United States
|
||
197.96.225.136
|
unknown
|
South Africa
|
||
41.53.237.252
|
unknown
|
South Africa
|
||
41.25.45.237
|
unknown
|
South Africa
|
||
41.116.103.255
|
unknown
|
South Africa
|
||
197.27.46.205
|
unknown
|
Tunisia
|
||
41.155.61.153
|
unknown
|
unknown
|
||
41.38.222.255
|
unknown
|
Egypt
|
||
157.108.93.95
|
unknown
|
Japan
|
||
114.189.90.29
|
unknown
|
Japan
|
||
129.224.69.216
|
unknown
|
United States
|
||
157.97.64.148
|
unknown
|
Germany
|
||
41.159.60.209
|
unknown
|
Gabon
|
||
197.150.202.17
|
unknown
|
Egypt
|
||
157.194.27.203
|
unknown
|
United States
|
||
197.192.65.187
|
unknown
|
Egypt
|
||
157.40.72.152
|
unknown
|
India
|
||
197.75.183.143
|
unknown
|
South Africa
|
||
172.237.152.235
|
unknown
|
United States
|
||
197.162.24.207
|
unknown
|
Egypt
|
||
197.15.63.192
|
unknown
|
Tunisia
|
||
197.211.29.69
|
unknown
|
Kenya
|
||
157.92.111.53
|
unknown
|
Argentina
|
||
41.57.219.98
|
unknown
|
Ghana
|
||
128.182.115.228
|
unknown
|
United States
|
||
197.152.120.2
|
unknown
|
Tanzania United Republic of
|
||
137.165.8.200
|
unknown
|
United States
|
||
179.233.27.152
|
unknown
|
Brazil
|
||
157.187.70.183
|
unknown
|
United States
|
||
197.21.89.101
|
unknown
|
Tunisia
|
||
197.32.82.214
|
unknown
|
Egypt
|
||
41.80.198.206
|
unknown
|
Kenya
|
||
41.169.13.83
|
unknown
|
South Africa
|
||
203.163.222.9
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
41.3.249.54
|
unknown
|
South Africa
|
||
157.254.163.219
|
unknown
|
United States
|
||
197.234.255.170
|
unknown
|
unknown
|
||
41.102.197.106
|
unknown
|
Algeria
|
||
157.155.154.47
|
unknown
|
Australia
|
||
208.36.186.89
|
unknown
|
United States
|
||
157.25.81.94
|
unknown
|
Poland
|
||
157.215.69.24
|
unknown
|
United States
|
||
139.115.225.186
|
unknown
|
Norway
|
||
157.213.41.182
|
unknown
|
United States
|
||
41.60.196.85
|
unknown
|
Mauritius
|
||
197.153.85.36
|
unknown
|
Morocco
|
||
157.158.112.149
|
unknown
|
Poland
|
||
157.138.100.108
|
unknown
|
Italy
|
||
197.206.199.18
|
unknown
|
Algeria
|
||
157.177.222.249
|
unknown
|
Austria
|
||
140.126.208.102
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
157.231.210.193
|
unknown
|
United Kingdom
|
||
197.211.126.51
|
unknown
|
Malawi
|
||
131.73.35.79
|
unknown
|
United States
|
||
75.223.4.250
|
unknown
|
United States
|
||
36.247.238.250
|
unknown
|
Japan
|
||
41.153.182.179
|
unknown
|
Egypt
|
||
41.34.56.163
|
unknown
|
Egypt
|
||
157.250.39.126
|
unknown
|
United States
|
||
197.4.248.29
|
unknown
|
Tunisia
|
||
41.159.91.1
|
unknown
|
Gabon
|
||
25.17.178.3
|
unknown
|
United Kingdom
|
||
197.250.1.127
|
unknown
|
Tanzania United Republic of
|
||
197.30.41.148
|
unknown
|
Tunisia
|
||
157.91.133.216
|
unknown
|
United States
|
||
50.206.209.122
|
unknown
|
United States
|
||
197.30.41.144
|
unknown
|
Tunisia
|
||
87.109.38.42
|
unknown
|
Saudi Arabia
|
||
157.64.220.197
|
unknown
|
Japan
|
||
197.230.184.225
|
unknown
|
Morocco
|
||
157.206.62.7
|
unknown
|
United States
|
||
41.39.212.183
|
unknown
|
Egypt
|
||
120.248.168.125
|
unknown
|
China
|
||
109.131.215.129
|
unknown
|
Belgium
|
||
157.242.151.3
|
unknown
|
United States
|
||
170.131.144.27
|
unknown
|
United States
|
||
157.231.209.202
|
unknown
|
United Kingdom
|
||
157.80.43.206
|
unknown
|
Japan
|
||
197.1.178.239
|
unknown
|
Tunisia
|
||
20.78.208.111
|
unknown
|
United States
|
||
197.77.90.58
|
unknown
|
South Africa
|
||
157.86.200.157
|
unknown
|
Brazil
|
||
157.120.16.165
|
unknown
|
Japan
|
There are 90 further hidden IPs that are not shown in this listing.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
7ffe60dd1000
|
page read and write
|
|||
5636ea74c000
|
page execute and read and write
|
|||
7f255445c000
|
page read and write
|
|||
7f25dab16000
|
page read and write
|
|||
7f25d4021000
|
page read and write
|
|||
7f25db028000
|
page read and write
|
|||
5636e8744000
|
page read and write
|
|||
7f2554459000
|
page read and write
|
|||
7f25da485000
|
page read and write
|
|||
5636ebb1e000
|
page read and write
|
|||
7f25daad6000
|
page read and write
|
|||
7f25db028000
|
page read and write
|
|||
7f25da735000
|
page read and write
|
|||
7ffe60dd1000
|
page read and write
|
|||
7f25d4000000
|
page read and write
|
|||
7f25dae47000
|
page read and write
|
|||
5636ea763000
|
page read and write
|
|||
7f25db19e000
|
page read and write
|
|||
7f25db19e000
|
page read and write
|
|||
7f2554418000
|
page execute read
|
|||
7f25db159000
|
page read and write
|
|||
7f2554459000
|
page read and write
|
|||
7f25d4021000
|
page read and write
|
|||
7f25d4000000
|
page read and write
|
|||
7f25dae47000
|
page read and write
|
|||
7f25daaf9000
|
page read and write
|
|||
7f25daad6000
|
page read and write
|
|||
7f25daaf9000
|
page read and write
|
|||
5636ea763000
|
page read and write
|
|||
7f25da735000
|
page read and write
|
|||
5636e8744000
|
page read and write
|
|||
7f25db151000
|
page read and write
|
|||
5636e874e000
|
page read and write
|
|||
7f25db151000
|
page read and write
|
|||
5636ea74c000
|
page execute and read and write
|
|||
7f25db159000
|
page read and write
|
|||
7f25da485000
|
page read and write
|
|||
5636e84bc000
|
page execute read
|
|||
5636e874e000
|
page read and write
|
|||
7f25dab16000
|
page read and write
|
|||
7ffe60dea000
|
page execute read
|
|||
7f2554418000
|
page execute read
|
|||
7ffe60dea000
|
page execute read
|
|||
7f255445c000
|
page read and write
|
|||
5636e84bc000
|
page execute read
|
|||
7f25da477000
|
page read and write
|
|||
7f25d9c6f000
|
page read and write
|
|||
7f25d9c6f000
|
page read and write
|
|||
7f25da477000
|
page read and write
|
|||
5636ebb1e000
|
page read and write
|
There are 40 further hidden memdumps that are not shown in this listing.