Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/zone.x86_64.elf
|
/tmp/zone.x86_64.elf
|
||
|
/tmp/zone.x86_64.elf
|
-
|
||
|
/tmp/zone.x86_64.elf
|
/tmp/zone.x86_64.elf -b
|
||
|
/tmp/zone.x86_64.elf
|
-
|
||
|
/bin/bash
|
/bin/bash -c uptime
|
||
|
/usr/bin/uptime
|
uptime
|
||
|
/tmp/zone.x86_64.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $2}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $2}"
|
||
|
/tmp/zone.x86_64.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $10}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $10}"
|
||
|
/tmp/zone.x86_64.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $2}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $2}"
|
||
|
/tmp/zone.x86_64.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $10}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $10}"
|
||
|
/tmp/zone.x86_64.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $2}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $2}"
|
||
|
/tmp/zone.x86_64.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $10}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $10}"
|
There are 44 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
 |
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
38.60.221.177
|
unknown
|
United States
|
||
|
109.202.202.202
|
unknown
|
Switzerland
|
||
|
91.189.91.43
|
unknown
|
United Kingdom
|
||
|
91.189.91.42
|
unknown
|
United Kingdom
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7fca225a7000
|
page read and write
|
|||
|
7f8c01f14000
|
page read and write
|
|||
|
7fca56ca7000
|
page read and write
|
|||
|
7fca12426000
|
page read and write
|
|||
|
7fca54457000
|
page read and write
|
|||
|
7f8bbd693000
|
page read and write
|
|||
|
7f8c01ff3000
|
page read and write
|
|||
|
7ffe46f6f000
|
page execute read
|
|||
|
7f8bcd814000
|
page read and write
|
|||
|
c000400000
|
page read and write
|
|||
|
7ffe46f57000
|
page read and write
|
|||
|
7fca10211000
|
page read and write
|
|||
|
7fca56d86000
|
page read and write
|
|||
|
7f8bed814000
|
page read and write
|
|||
|
7fca425a7000
|
page read and write
|
|||
|
828000
|
page execute read
|
|||
|
7fca10311000
|
page read and write
|
|||
|
7ffc515f7000
|
page execute read
|
|||
|
7f8bff6c4000
|
page read and write
|
|||
|
c000400000
|
page read and write
|
|||
|
7f8c01a9a000
|
page read and write
|
|||
|
7f8bbb47e000
|
page read and write
|
|||
|
7f8bbb57e000
|
page read and write
|
|||
|
7f8bbb693000
|
page read and write
|
|||
|
7fca5682d000
|
page read and write
|
|||
|
1580000
|
page read and write
|
|||
|
7ffc51422000
|
page read and write
|
|||
|
7fca10426000
|
page read and write
|
|||
|
828000
|
page execute read
|
|||
|
1580000
|
page read and write
|
There are 20 hidden memdumps, click here to show them.