Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.LkcmSSBOTi /tmp/tmp.0L3m1Lf8Gy /tmp/tmp.o2SAY1ICZO
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/cat
|
cat /tmp/tmp.LkcmSSBOTi
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/head
|
head -n 10
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/tr
|
tr -d \\000-\\011\\013\\014\\016-\\037
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/cut
|
cut -c -80
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/cat
|
cat /tmp/tmp.LkcmSSBOTi
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/head
|
head -n 10
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/tr
|
tr -d \\000-\\011\\013\\014\\016-\\037
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/cut
|
cut -c -80
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.LkcmSSBOTi /tmp/tmp.0L3m1Lf8Gy /tmp/tmp.o2SAY1ICZO
|
||
|
/tmp/nshsh4.elf
|
/tmp/nshsh4.elf
|
||
|
/tmp/nshsh4.elf
|
-
|
||
|
/tmp/nshsh4.elf
|
-
|
||
|
/tmp/nshsh4.elf
|
-
|
||
|
/tmp/nshsh4.elf
|
-
|
||
|
/tmp/nshsh4.elf
|
-
|
There are 16 hidden processes, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
shitrocket.dyn
|
212.64.215.71
|
||
|
catlovingfools.geek
|
185.72.8.231
|
||
|
catlovingfools.geek. [malformed]
|
unknown
|
||
|
hikvision.geek. [malformed]
|
unknown
|
||
|
catvision.dyn. [malformed]
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
87.170.50.136
|
unknown
|
Germany
|
||
|
41.190.177.108
|
unknown
|
unknown
|
||
|
70.92.228.173
|
unknown
|
United States
|
||
|
24.101.205.80
|
unknown
|
United States
|
||
|
73.150.52.73
|
unknown
|
United States
|
||
|
84.252.80.27
|
unknown
|
Turkey
|
||
|
81.128.95.18
|
unknown
|
United Kingdom
|
||
|
62.202.185.160
|
unknown
|
Switzerland
|
||
|
134.22.164.133
|
unknown
|
Canada
|
||
|
39.16.192.238
|
unknown
|
Korea Republic of
|
||
|
187.203.59.159
|
unknown
|
Mexico
|
||
|
129.70.219.126
|
unknown
|
Germany
|
||
|
161.133.10.15
|
unknown
|
United States
|
||
|
114.204.119.194
|
unknown
|
Korea Republic of
|
||
|
113.230.107.60
|
unknown
|
China
|
||
|
69.170.111.139
|
unknown
|
United States
|
||
|
156.43.68.95
|
unknown
|
United Kingdom
|
||
|
77.98.235.101
|
unknown
|
United Kingdom
|
||
|
39.18.24.248
|
unknown
|
Korea Republic of
|
||
|
161.115.197.115
|
unknown
|
United States
|
||
|
156.34.23.170
|
unknown
|
Canada
|
||
|
176.177.37.177
|
unknown
|
France
|
||
|
34.214.77.0
|
unknown
|
United States
|
||
|
34.201.230.221
|
unknown
|
United States
|
||
|
57.9.145.53
|
unknown
|
Belgium
|
||
|
95.217.252.201
|
unknown
|
Germany
|
||
|
149.118.255.217
|
unknown
|
United States
|
||
|
191.97.222.70
|
unknown
|
Argentina
|
||
|
42.9.212.111
|
unknown
|
Korea Republic of
|
||
|
32.143.225.26
|
unknown
|
United States
|
||
|
210.19.34.142
|
unknown
|
Malaysia
|
||
|
123.143.169.254
|
unknown
|
Korea Republic of
|
||
|
52.215.16.10
|
unknown
|
United States
|
||
|
43.2.122.60
|
unknown
|
Japan
|
||
|
141.247.220.207
|
unknown
|
United States
|
||
|
105.97.152.173
|
unknown
|
Algeria
|
||
|
76.38.230.134
|
unknown
|
United States
|
||
|
122.205.13.202
|
unknown
|
China
|
||
|
86.214.133.3
|
unknown
|
France
|
||
|
64.219.130.166
|
unknown
|
United States
|
||
|
192.158.98.65
|
unknown
|
United States
|
||
|
180.170.25.203
|
unknown
|
China
|
||
|
52.57.136.190
|
unknown
|
United States
|
||
|
32.46.254.235
|
unknown
|
United States
|
||
|
30.149.114.29
|
unknown
|
United States
|
||
|
207.62.109.93
|
unknown
|
United States
|
||
|
179.128.56.57
|
unknown
|
Brazil
|
||
|
134.197.7.95
|
unknown
|
United States
|
||
|
212.171.82.116
|
unknown
|
Italy
|
||
|
72.228.249.11
|
unknown
|
United States
|
||
|
158.192.147.84
|
unknown
|
France
|
||
|
73.68.12.129
|
unknown
|
United States
|
||
|
80.178.27.54
|
unknown
|
Israel
|
||
|
116.170.166.231
|
unknown
|
China
|
||
|
74.214.134.141
|
unknown
|
Canada
|
||
|
83.49.211.134
|
unknown
|
Spain
|
||
|
222.141.131.184
|
unknown
|
China
|
||
|
196.203.148.190
|
unknown
|
Tunisia
|
||
|
138.100.195.141
|
unknown
|
Spain
|
||
|
141.46.244.210
|
unknown
|
Germany
|
||
|
96.95.73.84
|
unknown
|
United States
|
||
|
46.244.245.50
|
unknown
|
Germany
|
||
|
88.13.188.208
|
unknown
|
Spain
|
||
|
6.234.72.3
|
unknown
|
United States
|
||
|
74.114.233.98
|
unknown
|
United States
|
||
|
26.27.46.8
|
unknown
|
United States
|
||
|
188.75.4.163
|
unknown
|
Russian Federation
|
||
|
166.111.47.159
|
unknown
|
China
|
||
|
146.147.249.72
|
unknown
|
United States
|
||
|
185.19.109.111
|
unknown
|
United Kingdom
|
||
|
207.218.215.172
|
unknown
|
United States
|
||
|
137.54.199.175
|
unknown
|
United States
|
||
|
80.124.112.43
|
unknown
|
France
|
||
|
32.45.187.34
|
unknown
|
United States
|
||
|
199.47.105.29
|
unknown
|
United States
|
||
|
140.92.20.174
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
41.227.43.85
|
unknown
|
Tunisia
|
||
|
156.202.232.8
|
unknown
|
Egypt
|
||
|
178.27.198.198
|
unknown
|
Germany
|
||
|
219.196.125.236
|
unknown
|
Japan
|
||
|
120.146.77.69
|
unknown
|
Australia
|
||
|
83.114.18.64
|
unknown
|
France
|
||
|
54.181.79.122
|
unknown
|
United States
|
||
|
220.78.203.80
|
unknown
|
Korea Republic of
|
||
|
89.168.168.179
|
unknown
|
United Kingdom
|
||
|
218.47.9.184
|
unknown
|
Japan
|
||
|
124.90.166.96
|
unknown
|
China
|
||
|
162.100.210.112
|
unknown
|
United States
|
||
|
201.188.216.73
|
unknown
|
Chile
|
||
|
213.133.37.123
|
unknown
|
Netherlands
|
||
|
141.229.223.199
|
unknown
|
unknown
|
||
|
141.192.80.49
|
unknown
|
Finland
|
||
|
122.50.222.50
|
unknown
|
India
|
||
|
121.145.187.105
|
unknown
|
Korea Republic of
|
||
|
108.235.60.249
|
unknown
|
United States
|
||
|
185.220.10.212
|
unknown
|
Spain
|
||
|
48.99.221.226
|
unknown
|
United States
|
||
|
182.8.245.132
|
unknown
|
Indonesia
|
||
|
124.70.244.248
|
unknown
|
China
|
||
|
32.179.68.31
|
unknown
|
United States
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7f19d8410000
|
page execute read
|
 |
||
|
7f19d8410000
|
page execute read
|
|
||
|
7f19d8410000
|
page execute read
|
|
||
|
55dcb4ede000
|
page read and write
|
|||
|
7f1a5d49a000
|
page read and write
|
|||
|
55dcb81be000
|
page read and write
|
|||
|
7f1a5d49a000
|
page read and write
|
|||
|
7f19d8420000
|
page read and write
|
|||
|
7f1a58000000
|
page read and write
|
|||
|
7f1a5d14f000
|
page read and write
|
|||
|
7f1a5d14f000
|
page read and write
|
|||
|
7f1a5cad9000
|
page read and write
|
|||
|
55dcb6ef3000
|
page read and write
|
|||
|
7f1a5d5cb000
|
page read and write
|
|||
|
7ffd1ef74000
|
page execute read
|
|||
|
7f1a5d49a000
|
page read and write
|
|||
|
7f1a5d14f000
|
page read and write
|
|||
|
7f1a58021000
|
page read and write
|
|||
|
7f1a5d5c3000
|
page read and write
|
|||
|
55dcb4ed6000
|
page read and write
|
|||
|
55dcb4cc0000
|
page execute read
|
|||
|
55dcb6ef3000
|
page read and write
|
|||
|
7ffd1ef74000
|
page execute read
|
|||
|
7f1a5d610000
|
page read and write
|
|||
|
55dcb6edc000
|
page execute and read and write
|
|||
|
55dcb4ede000
|
page read and write
|
|||
|
7f1a5c2c8000
|
page read and write
|
|||
|
7f1a5cd68000
|
page read and write
|
|||
|
7f1a5d12a000
|
page read and write
|
|||
|
55dcb81de000
|
page read and write
|
|||
|
7f1a5cacb000
|
page read and write
|
|||
|
7f1a5d12a000
|
page read and write
|
|||
|
7f1a5d5cb000
|
page read and write
|
|||
|
7f19d8426000
|
page read and write
|
|||
|
7f1a5d610000
|
page read and write
|
|||
|
7f1a5d12a000
|
page read and write
|
|||
|
7f1a58021000
|
page read and write
|
|||
|
7f1a5cacb000
|
page read and write
|
|||
|
55dcb4cc0000
|
page execute read
|
|||
|
7f1a5c2c8000
|
page read and write
|
|||
|
55dcb4cc0000
|
page execute read
|
|||
|
7f1a5d5c3000
|
page read and write
|
|||
|
7f19d8426000
|
page read and write
|
|||
|
7ffd1ee69000
|
page read and write
|
|||
|
55dcb6edc000
|
page execute and read and write
|
|||
|
7f19d8420000
|
page read and write
|
|||
|
55dcb81be000
|
page read and write
|
|||
|
55dcb6ef3000
|
page read and write
|
|||
|
7f19d8426000
|
page read and write
|
|||
|
7f1a58021000
|
page read and write
|
|||
|
7ffd1ee69000
|
page read and write
|
|||
|
7f1a5cd68000
|
page read and write
|
|||
|
7ffd1ee69000
|
page read and write
|
|||
|
7f1a5cad9000
|
page read and write
|
|||
|
7f1a58000000
|
page read and write
|
|||
|
7f1a58000000
|
page read and write
|
|||
|
55dcb4ede000
|
page read and write
|
|||
|
55dcb4ed6000
|
page read and write
|
|||
|
7f1a5d5cb000
|
page read and write
|
|||
|
7f1a5d610000
|
page read and write
|
|||
|
7f1a5cd68000
|
page read and write
|
|||
|
55dcb6edc000
|
page execute and read and write
|
|||
|
7f1a5cacb000
|
page read and write
|
|||
|
7f1a5c2c8000
|
page read and write
|
|||
|
55dcb4ed6000
|
page read and write
|
|||
|
7ffd1ef74000
|
page execute read
|
|||
|
55dcb81be000
|
page read and write
|
|||
|
7f19d8420000
|
page read and write
|
|||
|
7f1a5cad9000
|
page read and write
|
|||
|
7f1a5d5c3000
|
page read and write
|
There are 60 hidden memdumps, click here to show them.