Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/zone.arm.elf
|
/tmp/zone.arm.elf
|
||
|
/tmp/zone.arm.elf
|
-
|
||
|
/tmp/zone.arm.elf
|
/tmp/zone.arm.elf -b
|
||
|
/tmp/zone.arm.elf
|
-
|
||
|
/bin/bash
|
/bin/bash -c uptime
|
||
|
/usr/bin/uptime
|
uptime
|
||
|
/tmp/zone.arm.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $2}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $2}"
|
||
|
/tmp/zone.arm.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $10}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $10}"
|
||
|
/tmp/zone.arm.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $2}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $2}"
|
||
|
/tmp/zone.arm.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $10}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $10}"
|
||
|
/tmp/zone.arm.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $2}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $2}"
|
||
|
/tmp/zone.arm.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $10}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $10}"
|
There are 44 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
 |
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
column.mrbasic.com
|
38.60.221.32
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
38.60.221.32
|
column.mrbasic.com
|
United States
|
||
|
109.202.202.202
|
unknown
|
Switzerland
|
||
|
91.189.91.43
|
unknown
|
United Kingdom
|
||
|
91.189.91.42
|
unknown
|
United Kingdom
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7fcbd3a1d000
|
page read and write
|
|||
|
55c1673eb000
|
page read and write
|
|||
|
7f8be40b0000
|
page read and write
|
|||
|
7fcbcb7fe000
|
page read and write
|
|||
|
7f8cf5caf000
|
page read and write
|
|||
|
7f8cf4730000
|
page read and write
|
|||
|
7f8bd0033000
|
page read and write
|
|||
|
561c9d807000
|
page read and write
|
|||
|
7f8cf5e41000
|
page read and write
|
|||
|
7fcbcbfff000
|
page read and write
|
|||
|
7fcbd3baf000
|
page read and write
|
|||
|
7fcbd2561000
|
page read and write
|
|||
|
7fcac8021000
|
page read and write
|
|||
|
7f8bcc021000
|
page read and write
|
|||
|
7f8bec1ff000
|
page read and write
|
|||
|
7f8bf049f000
|
page read and write
|
|||
|
7f8bf0498000
|
page execute read
|
|||
|
7ffc3cb67000
|
page execute read
|
|||
|
561ca1b29000
|
page read and write
|
|||
|
7f8bf11a6000
|
page read and write
|
|||
|
7f8cf0021000
|
page read and write
|
|||
|
7f8cf5190000
|
page read and write
|
|||
|
7f8be8021000
|
page read and write
|
|||
|
7fcacc49f000
|
page read and write
|
|||
|
7fcbd25a2000
|
page read and write
|
|||
|
7f8cf46ae000
|
page read and write
|
|||
|
7f8bf140f000
|
page read and write
|
|||
|
7fcbcc021000
|
page read and write
|
|||
|
7f8bf105e000
|
page read and write
|
|||
|
7f8be0021000
|
page read and write
|
|||
|
7f8bdc0b6000
|
page read and write
|
|||
|
7fcbd365a000
|
page read and write
|
|||
|
55c16517c000
|
page execute read
|
|||
|
7f8cf575d000
|
page read and write
|
|||
|
7f8cf5dd8000
|
page read and write
|
|||
|
7fcbd34cb000
|
page read and write
|
|||
|
7fcacd40f000
|
page read and write
|
|||
|
7fcbd383c000
|
page read and write
|
|||
|
7fcbd2efe000
|
page read and write
|
|||
|
7f8cf5ace000
|
page read and write
|
|||
|
7f8cf47b2000
|
page read and write
|
|||
|
7ffc3cab9000
|
page read and write
|
|||
|
7fcbd3b46000
|
page read and write
|
|||
|
7f8ce71ab000
|
page read and write
|
|||
|
7f8bd806f000
|
page read and write
|
|||
|
7f8cef7fe000
|
page read and write
|
|||
|
7fcbd3b6a000
|
page read and write
|
|||
|
7f8cf5dfc000
|
page read and write
|
|||
|
55c1682a9000
|
page read and write
|
|||
|
561c9f825000
|
page read and write
|
|||
|
7f8bf11ce000
|
page read and write
|
|||
|
561c9d5b6000
|
page execute read
|
|||
|
561c9f80e000
|
page execute and read and write
|
|||
|
7f8ceffff000
|
page read and write
|
|||
|
561c9d810000
|
page read and write
|
|||
|
7fcbd2e6c000
|
page read and write
|
|||
|
7f8cf462c000
|
page read and write
|
|||
|
7f8cf50fe000
|
page read and write
|
|||
|
7f8cf58ec000
|
page read and write
|
|||
|
7fcacce9f000
|
page read and write
|
|||
|
55c1653d6000
|
page read and write
|
|||
|
7f8cf54f2000
|
page read and write
|
|||
|
7f8bd405b000
|
page read and write
|
|||
|
7f8cf46ef000
|
page read and write
|
|||
|
7fcac0021000
|
page read and write
|
|||
|
7f8bf101a000
|
page read and write
|
|||
|
55c1653cd000
|
page read and write
|
|||
|
7f8cf47f3000
|
page read and write
|
|||
|
7f8cf4834000
|
page read and write
|
|||
|
7fcac4021000
|
page read and write
|
|||
|
7fcbd34ee000
|
page read and write
|
|||
|
7fcacc498000
|
page execute read
|
|||
|
7fcacd01a000
|
page read and write
|
|||
|
7f8cf4875000
|
page read and write
|
|||
|
7f8bf0e9f000
|
page read and write
|
|||
|
7f8cf4771000
|
page read and write
|
|||
|
7fcbd2664000
|
page read and write
|
|||
|
7fcbd3260000
|
page read and write
|
|||
|
7f8cf5780000
|
page read and write
|
|||
|
55c1673d4000
|
page execute and read and write
|
|||
|
7ffcbff9b000
|
page read and write
|
|||
|
7fcbc31ab000
|
page read and write
|
|||
|
7f8cf466d000
|
page read and write
|
|||
|
7ffcbffd9000
|
page execute read
|
There are 74 hidden memdumps, click here to show them.