Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/zone.arm64.elf
|
/tmp/zone.arm64.elf
|
||
|
/tmp/zone.arm64.elf
|
-
|
||
|
/tmp/zone.arm64.elf
|
/tmp/zone.arm64.elf -b
|
||
|
/tmp/zone.arm64.elf
|
-
|
||
|
/bin/bash
|
/bin/bash -c uptime
|
||
|
/usr/bin/uptime
|
uptime
|
||
|
/tmp/zone.arm64.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $2}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $2}"
|
||
|
/tmp/zone.arm64.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $10}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $10}"
|
||
|
/tmp/zone.arm64.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $2}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $2}"
|
||
|
/tmp/zone.arm64.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $10}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $10}"
|
||
|
/tmp/zone.arm64.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $2}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $2}"
|
||
|
/tmp/zone.arm64.elf
|
-
|
||
|
/usr/bin/bash
|
bash -c "cat /proc/net/dev |grep ens160 |awk '{print $10}'"
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/cat
|
cat /proc/net/dev
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/grep
|
grep ens160
|
||
|
/usr/bin/bash
|
-
|
||
|
/usr/bin/awk
|
awk "{print $10}"
|
There are 44 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
 |
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
daisy.ubuntu.com
|
162.213.35.24
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
38.60.221.177
|
unknown
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1400000b000
|
page read and write
|
|||
|
7fea0e630000
|
page read and write
|
|||
|
7fea0f0c1000
|
page read and write
|
|||
|
4000863000
|
page read and write
|
|||
|
4000865000
|
page read and write
|
|||
|
7fea0e7f7000
|
page read and write
|
|||
|
404742e000
|
page read and write
|
|||
|
40473ee000
|
page read and write
|
|||
|
4000801000
|
page read and write
|
|||
|
7fea00047000
|
page read and write
|
|||
|
40011b4000
|
page read and write
|
|||
|
14000400000
|
page read and write
|
|||
|
5643c6584000
|
page read and write
|
|||
|
55db904f2000
|
page execute read
|
|||
|
40253e4000
|
page read and write
|
|||
|
3de000
|
page execute read
|
|||
|
7ffe67139000
|
page execute read
|
|||
|
7fe9fc080000
|
page read and write
|
|||
|
7fd376d17000
|
page read and write
|
|||
|
7fd3773fb000
|
page read and write
|
|||
|
7fea0f720000
|
page read and write
|
|||
|
7fe9f8056000
|
page read and write
|
|||
|
1400020f000
|
page read and write
|
|||
|
7fd377392000
|
page read and write
|
|||
|
7fd37674a000
|
page read and write
|
|||
|
7fd377088000
|
page read and write
|
|||
|
7fd360021000
|
page read and write
|
|||
|
7fea08021000
|
page read and write
|
|||
|
4000802000
|
page execute read
|
|||
|
7fea0fa91000
|
page read and write
|
|||
|
7fea0e838000
|
page read and write
|
|||
|
7fd3766b8000
|
page read and write
|
|||
|
7fea0fc72000
|
page read and write
|
|||
|
7fd368021000
|
page read and write
|
|||
|
7fe9f0046000
|
page read and write
|
|||
|
7fea0f743000
|
page read and write
|
|||
|
55db93717000
|
page read and write
|
|||
|
7fd376d3a000
|
page read and write
|
|||
|
7fd375dad000
|
page read and write
|
|||
|
55db9077a000
|
page read and write
|
|||
|
7fea0f8af000
|
page read and write
|
|||
|
40053e4000
|
page read and write
|
|||
|
7fea0fe04000
|
page read and write
|
|||
|
7fd376aac000
|
page read and write
|
|||
|
55db92778000
|
page execute and read and write
|
|||
|
7ffc6475a000
|
page read and write
|
|||
|
5643c568b000
|
page read and write
|
|||
|
7fd3773b6000
|
page read and write
|
|||
|
7fe9ec021000
|
page read and write
|
|||
|
7fea0e671000
|
page read and write
|
|||
|
5643c3677000
|
page read and write
|
|||
|
7fd375dee000
|
page read and write
|
|||
|
1400000b000
|
page read and write
|
|||
|
7fe9e8032000
|
page read and write
|
|||
|
1133000
|
page read and write
|
|||
|
7fea04027000
|
page read and write
|
|||
|
3de000
|
page execute read
|
|||
|
7fea0e775000
|
page read and write
|
|||
|
14000400000
|
page read and write
|
|||
|
7fea0fd9b000
|
page read and write
|
|||
|
7fea0f153000
|
page read and write
|
|||
|
4000801000
|
page read and write
|
|||
|
400096e000
|
page read and write
|
|||
|
1133000
|
page read and write
|
|||
|
4000863000
|
page read and write
|
|||
|
4000802000
|
page execute read
|
|||
|
7ffe6705b000
|
page read and write
|
|||
|
5643c366c000
|
page read and write
|
|||
|
40253e4000
|
page read and write
|
|||
|
55db9278e000
|
page read and write
|
|||
|
7fea0f4b5000
|
page read and write
|
|||
|
14000253000
|
page read and write
|
|||
|
40053e4000
|
page read and write
|
|||
|
7ffc647fa000
|
page execute read
|
|||
|
7fea0e734000
|
page read and write
|
|||
|
7fea0e6f3000
|
page read and write
|
|||
|
7fe9f4065000
|
page read and write
|
|||
|
5643c5675000
|
page execute and read and write
|
|||
|
7fd36c021000
|
page read and write
|
|||
|
7fd377269000
|
page read and write
|
|||
|
7fea0e7b6000
|
page read and write
|
|||
|
7fd375eb0000
|
page read and write
|
|||
|
7fea0e6b2000
|
page read and write
|
|||
|
7fea0fdbf000
|
page read and write
|
|||
|
400096e000
|
page read and write
|
|||
|
55db9076f000
|
page read and write
|
|||
|
7fd370021000
|
page read and write
|
|||
|
4000865000
|
page read and write
|
|||
|
7fd376ea6000
|
page read and write
|
|||
|
14000059000
|
page read and write
|
|||
|
5643c33ef000
|
page execute read
|
|||
|
40011b4000
|
page read and write
|
There are 82 hidden memdumps, click here to show them.