Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/zone.armv5.elf
|
/tmp/zone.armv5.elf
|
||
|
/tmp/zone.armv5.elf
|
-
|
||
|
/tmp/zone.armv5.elf
|
/tmp/zone.armv5.elf -b
|
||
|
/tmp/zone.armv5.elf
|
-
|
||
|
/bin/bash
|
/bin/bash -c uptime
|
||
|
/usr/bin/uptime
|
uptime
|
||
|
/tmp/zone.armv5.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $2}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $2}"
|
||
|
/tmp/zone.armv5.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $10}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $10}"
|
||
|
/tmp/zone.armv5.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $2}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $2}"
|
||
|
/tmp/zone.armv5.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $10}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $10}"
|
||
|
/tmp/zone.armv5.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $2}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $2}"
|
||
|
/tmp/zone.armv5.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $10}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $10}"
|
There are 44 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
 |
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
column.mrbasic.com
|
38.60.221.32
|
||
|
daisy.ubuntu.com
|
162.213.35.24
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
38.60.221.32
|
column.mrbasic.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7f3aa34c3000
|
page read and write
|
|||
|
7f756bdab000
|
page read and write
|
|||
|
7f7465076000
|
page read and write
|
|||
|
7f755b1ab000
|
page read and write
|
|||
|
7f3a9b7fe000
|
page read and write
|
|||
|
7f7448024000
|
page read and write
|
|||
|
7ffd057fd000
|
page execute read
|
|||
|
7f399c49a000
|
page execute read
|
|||
|
564f64c4a000
|
page read and write
|
|||
|
7f74502a1000
|
page read and write
|
|||
|
7f756b068000
|
page read and write
|
|||
|
564f642b5000
|
page execute and read and write
|
|||
|
7f744c050000
|
page read and write
|
|||
|
7f3aa3ab3000
|
page read and write
|
|||
|
7f756a6db000
|
page read and write
|
|||
|
7f3a9c021000
|
page read and write
|
|||
|
7f3aa4174000
|
page read and write
|
|||
|
7f756b45c000
|
page read and write
|
|||
|
7f3aa412f000
|
page read and write
|
|||
|
7f3aa2b67000
|
page read and write
|
|||
|
564f642cc000
|
page read and write
|
|||
|
7f746518c000
|
page read and write
|
|||
|
7f756a71c000
|
page read and write
|
|||
|
7f756b6ea000
|
page read and write
|
|||
|
7f7440041000
|
page read and write
|
|||
|
7f756a79e000
|
page read and write
|
|||
|
564f6205d000
|
page execute read
|
|||
|
7f756a75d000
|
page read and write
|
|||
|
7f3aa3a90000
|
page read and write
|
|||
|
7f756bc19000
|
page read and write
|
|||
|
7f756a659000
|
page read and write
|
|||
|
55bd8ce6d000
|
page read and write
|
|||
|
55bd8abfe000
|
page execute read
|
|||
|
7f3990021000
|
page read and write
|
|||
|
7ffd0577f000
|
page read and write
|
|||
|
7f756a69a000
|
page read and write
|
|||
|
7f7460021000
|
page read and write
|
|||
|
7f399d05e000
|
page read and write
|
|||
|
7f3998021000
|
page read and write
|
|||
|
7f399d40f000
|
page read and write
|
|||
|
7f3aa410b000
|
page read and write
|
|||
|
7f7464e9f000
|
page read and write
|
|||
|
7f74580b9000
|
page read and write
|
|||
|
7f756ba38000
|
page read and write
|
|||
|
7f756a7df000
|
page read and write
|
|||
|
7f399ce9f000
|
page read and write
|
|||
|
7f756b856000
|
page read and write
|
|||
|
7f399d01a000
|
page read and write
|
|||
|
7f7564021000
|
page read and write
|
|||
|
55bd8ce56000
|
page execute and read and write
|
|||
|
7f3a9bfff000
|
page read and write
|
|||
|
7f3a931ab000
|
page read and write
|
|||
|
7f746449a000
|
page execute read
|
|||
|
7f756a618000
|
page read and write
|
|||
|
55bd8f366000
|
page read and write
|
|||
|
7f3aa3825000
|
page read and write
|
|||
|
7f3aa3fe2000
|
page read and write
|
|||
|
7f3aa2c29000
|
page read and write
|
|||
|
564f622ae000
|
page read and write
|
|||
|
7f756bd42000
|
page read and write
|
|||
|
7f756bd66000
|
page read and write
|
|||
|
7f746507e000
|
page read and write
|
|||
|
7fff14215000
|
page read and write
|
|||
|
7f7465062000
|
page read and write
|
|||
|
7f74651a0000
|
page read and write
|
|||
|
7f7563fff000
|
page read and write
|
|||
|
7f745c021000
|
page read and write
|
|||
|
7f75637fe000
|
page read and write
|
|||
|
7f7454021000
|
page read and write
|
|||
|
7f3aa3e01000
|
page read and write
|
|||
|
55bd8ae4f000
|
page read and write
|
|||
|
7f746449f000
|
page read and write
|
|||
|
7f3aa2b26000
|
page read and write
|
|||
|
564f622b7000
|
page read and write
|
|||
|
7f746540f000
|
page read and write
|
|||
|
7f3aa3431000
|
page read and write
|
|||
|
55bd8ae58000
|
page read and write
|
|||
|
7f3994021000
|
page read and write
|
|||
|
7fff143fb000
|
page execute read
|
|||
|
7f399c49f000
|
page read and write
|
|||
|
7f756a5d7000
|
page read and write
|
|||
|
7f756b6c7000
|
page read and write
|
|||
|
7f3aa3c1f000
|
page read and write
|
|||
|
7f756b0fa000
|
page read and write
|
There are 74 hidden memdumps, click here to show them.