Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

/tmp/na.elf

/usr/lib/systemd/systemd

/usr/bin/dbus-daemon

/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

/usr/lib/systemd/systemd

/usr/bin/pulseaudio

/usr/bin/pulseaudio --daemonize=no --log-target=journal

/usr/lib/systemd/systemd

/usr/sbin/rsyslogd

/usr/sbin/rsyslogd -n -iNONE

/usr/libexec/gvfsd-fuse

/bin/fusermount

fusermount -u -q -z -- /run/user/1000/gvfs

/usr/lib/systemd/systemd

/lib/systemd/systemd-logind

/usr/lib/systemd/systemd

/usr/libexec/rtkit-daemon

/usr/lib/systemd/systemd

/usr/lib/policykit-1/polkitd

/usr/lib/policykit-1/polkitd --no-debug

/usr/lib/systemd/systemd

/sbin/agetty

/sbin/agetty -o "-p -- \\u" --noclear tty2 linux

/usr/sbin/gdm3

/etc/gdm3/PrimeOff/Default

/usr/sbin/gdm3

/etc/gdm3/PrimeOff/Default

/usr/sbin/gdm3

/etc/gdm3/PrimeOff/Default

/usr/lib/systemd/systemd

/usr/bin/gpu-manager

/usr/bin/gpu-manager --log /var/log/gpu-manager.log

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

/usr/lib/systemd/systemd

/usr/bin/dbus-daemon

/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

/usr/lib/systemd/systemd

/usr/share/gdm/generate-config

/usr/bin/pkill

pkill --signal HUP --uid gdm dconf-service

/usr/lib/systemd/systemd

/usr/lib/gdm3/gdm-wait-for-drm

/usr/lib/systemd/systemd

/usr/sbin/gdm3

/usr/bin/plymouth

plymouth --ping

/usr/sbin/gdm3

/usr/lib/gdm3/gdm-session-worker

"gdm-session-worker [pam/gdm-launch-environment]"

/usr/lib/gdm3/gdm-session-worker

/usr/lib/gdm3/gdm-wayland-session

/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"

/usr/lib/gdm3/gdm-wayland-session

/usr/bin/dbus-run-session

dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart

/usr/bin/dbus-run-session

/usr/bin/dbus-daemon

dbus-daemon --nofork --print-address 4 --session

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-run-session

/usr/bin/gnome-session

gnome-session --autostart /usr/share/gdm/greeter/autostart

/usr/libexec/gnome-session-binary

/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart

/usr/libexec/gnome-session-binary

/usr/bin/session-migration

session-migration

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell

/usr/bin/gnome-shell

/usr/sbin/gdm3

/usr/lib/gdm3/gdm-session-worker

"gdm-session-worker [pam/gdm-launch-environment]"

/usr/lib/gdm3/gdm-session-worker

/usr/lib/gdm3/gdm-x-session

/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"

/usr/lib/gdm3/gdm-x-session

/usr/bin/Xorg

/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3

/usr/lib/xorg/Xorg.wrap

/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3

/usr/lib/xorg/Xorg

/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3

/usr/lib/xorg/Xorg

/bin/sh

sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""

/bin/sh

/usr/bin/xkbcomp

/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm

/usr/lib/xorg/Xorg

/bin/sh

/usr/bin/xkbcomp

/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm

/usr/lib/gdm3/gdm-x-session

/etc/gdm3/Prime/Default

/usr/lib/gdm3/gdm-x-session

/usr/bin/dbus-run-session

dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart

/usr/bin/dbus-run-session

/usr/bin/dbus-daemon

dbus-daemon --nofork --print-address 4 --session

/usr/bin/dbus-daemon

/usr/libexec/at-spi-bus-launcher

/usr/bin/dbus-daemon

/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3

/usr/bin/dbus-daemon

/usr/libexec/at-spi2-registryd

/usr/libexec/at-spi2-registryd --use-gnome-session

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/usr/libexec/ibus-portal

/usr/bin/dbus-daemon

/usr/bin/gjs

/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-run-session

/usr/bin/gnome-session

gnome-session --autostart /usr/share/gdm/greeter/autostart

/usr/libexec/gnome-session-binary

/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart

/usr/libexec/gnome-session-binary

/usr/libexec/gnome-session-check-accelerated

/usr/libexec/gnome-session-check-accelerated-gl-helper

/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer

/usr/libexec/gnome-session-check-accelerated

/usr/libexec/gnome-session-check-accelerated-gles-helper

/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer

/usr/libexec/gnome-session-binary

/usr/bin/session-migration

session-migration

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell

/usr/bin/gnome-shell

/usr/bin/ibus-daemon

ibus-daemon --panel disable --xim

/usr/bin/ibus-daemon

/usr/libexec/ibus-memconf

/usr/bin/ibus-daemon

/usr/libexec/ibus-x11

/usr/libexec/ibus-x11 --kill-daemon

/usr/bin/ibus-daemon

/usr/libexec/ibus-engine-simple

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing

/usr/libexec/gsd-sharing

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom

/usr/libexec/gsd-wacom

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color

/usr/libexec/gsd-color

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard

/usr/libexec/gsd-keyboard

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications

/usr/libexec/gsd-print-notifications

/usr/libexec/gsd-printer

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill

/usr/libexec/gsd-rfkill

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard

/usr/libexec/gsd-smartcard

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime

/usr/libexec/gsd-datetime

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys

/usr/libexec/gsd-media-keys

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy

/usr/libexec/gsd-screensaver-proxy

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound

/usr/libexec/gsd-sound

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings

/usr/libexec/gsd-a11y-settings

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping

/usr/libexec/gsd-housekeeping

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power

/usr/libexec/gsd-power

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent

/usr/bin/spice-vdagent

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh xbrlapi -q

/usr/bin/xbrlapi

xbrlapi -q

/usr/sbin/gdm3

/etc/gdm3/PrimeOff/Default

/usr/sbin/gdm3

/etc/gdm3/PrimeOff/Default

/usr/lib/systemd/systemd

/usr/lib/accountsservice/accounts-daemon

/usr/share/language-tools/language-validate

/usr/share/language-tools/language-validate en_US.UTF-8

/usr/share/language-tools/language-validate

/usr/share/language-tools/language-options

/bin/sh

sh -c "locale -a | grep -F .utf8 "

/bin/sh

/usr/bin/locale

locale -a

/bin/sh

/usr/bin/grep

grep -F .utf8

/usr/lib/systemd/systemd

/usr/bin/dbus-daemon

/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

/usr/lib/systemd/systemd

/lib/systemd/systemd-localed

/usr/lib/systemd/systemd

/usr/lib/upower/upowerd

/usr/lib/systemd/systemd

/usr/bin/pulseaudio

/usr/bin/pulseaudio --daemonize=no --log-target=journal

/usr/lib/systemd/systemd

/usr/libexec/geoclue

/usr/lib/systemd/systemd

/sbin/wpa_supplicant

/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant

/usr/lib/systemd/systemd

/usr/sbin/avahi-daemon

/usr/sbin/avahi-daemon -s

/usr/sbin/avahi-daemon

/usr/lib/systemd/systemd

/usr/lib/packagekit/packagekitd

/usr/bin/dpkg

/usr/bin/dpkg --print-foreign-architectures

/usr/lib/systemd/systemd

/lib/systemd/systemd-hostnamed

/usr/lib/systemd/systemd

/usr/libexec/colord

/usr/libexec/colord-sane

/usr/lib/systemd/systemd

/usr/sbin/ModemManager

/usr/sbin/ModemManager --filter-policy=strict

/usr/lib/systemd/systemd

/lib/systemd/systemd-localed

/usr/lib/systemd/systemd

/usr/libexec/fprintd

There are 285 hidden processes, click here to show them.

URLs

Name

Malicious

https://www.rsyslog.com

unknown

http://wiki.x.org

unknown

http://www.ubuntu.com/support)

unknown

Domains

Name

Malicious

byte-mirai.kro.kr

154.216.20.119

Details

Name:	byte-mirai.kro.kr
IP:	154.216.20.119
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

209.144.94.224

unknown

United States

87.184.38.219

unknown

Germany

65.176.213.40

unknown

United States

138.189.215.87

unknown

Switzerland

82.70.92.76

unknown

United Kingdom

59.239.123.33

unknown

China

171.132.210.234

unknown

United States

165.197.197.232

unknown

United States

173.213.44.170

unknown

United States

186.131.227.230

unknown

Argentina

157.161.177.150

unknown

Switzerland

213.1.47.99

unknown

United Kingdom

96.29.211.36

unknown

United States

57.63.222.41

unknown

Belgium

125.253.224.215

unknown

Hong Kong

92.224.168.13

unknown

Germany

195.232.253.78

unknown

Germany

101.160.47.3

unknown

Australia

164.84.153.244

unknown

United States

209.135.157.133

unknown

United States

51.142.97.176

unknown

United Kingdom

79.17.204.96

unknown

Italy

178.7.142.78

unknown

Germany

107.65.66.112

unknown

United States

200.227.227.132

unknown

Brazil

186.192.242.217

unknown

Brazil

222.156.110.236

unknown

Taiwan; Republic of China (ROC)

182.249.115.27

unknown

Japan

163.76.244.91

unknown

France

201.58.44.201

unknown

Brazil

213.42.251.202

unknown

United Arab Emirates

94.27.69.158

unknown

Ukraine

201.14.164.199

unknown

Brazil

155.19.196.171

unknown

United States

190.156.168.117

unknown

Colombia

138.133.158.61

unknown

United States

38.79.86.229

unknown

United States

43.106.75.61

unknown

Japan

202.212.22.138

unknown

Japan

136.159.124.44

unknown

Canada

97.205.56.195

unknown

United States

108.53.69.124

unknown

United States

133.218.135.80

unknown

Japan

39.72.248.82

unknown

China

86.175.23.201

unknown

United Kingdom

32.179.230.42

unknown

United States

60.156.44.35

unknown

Japan

136.175.129.241

unknown

Reserved

174.183.54.72

unknown

United States

217.101.79.67

unknown

Netherlands

172.250.116.226

unknown

United States

17.232.208.214

unknown

United States

90.79.30.143

unknown

France

135.76.111.176

unknown

United States

155.51.135.230

unknown

United States

65.163.214.143

unknown

United States

17.110.130.68

unknown

United States

124.83.132.226

unknown

Japan

116.109.198.10

unknown

Viet Nam

209.5.184.7

unknown

Canada

75.122.160.50

unknown

United States

84.61.19.207

unknown

Germany

86.209.52.168

unknown

France

137.252.83.122

unknown

United States

208.144.203.107

unknown

United States

75.74.178.246

unknown

United States

25.61.6.21

unknown

United Kingdom

37.94.133.140

unknown

Germany

100.131.224.68

unknown

United States

168.235.88.18

unknown

United States

79.167.165.54

unknown

Greece

187.164.89.41

unknown

Mexico

111.132.36.131

unknown

China

41.210.115.191

unknown

182.174.45.60

unknown

China

38.151.122.157

unknown

United States

17.59.155.191

unknown

United States

144.9.162.163

unknown

United States

95.126.182.158

unknown

Spain

36.37.168.155

unknown

Cambodia

107.169.197.220

unknown

Reserved

187.210.223.133

unknown

Mexico

17.70.140.215

unknown

United States

47.255.177.103

unknown

Canada

4.191.205.37

unknown

United States

108.176.28.17

unknown

United States

97.38.132.51

unknown

United States

205.53.193.253

unknown

United States

109.36.132.112

unknown

Netherlands

87.203.99.179

unknown

Greece

57.74.23.11

unknown

Belgium

68.45.1.190

unknown

United States

185.33.22.61

unknown

Switzerland

169.13.99.33

unknown

United States

80.128.29.8

unknown

Germany

174.200.107.217

unknown

United States

70.214.137.45

unknown

United States

113.58.178.63

unknown

China

139.90.44.15

unknown

Belgium

134.143.28.122

unknown

Netherlands

There are 90 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7ff654415000

page execute read

7ff654415000

page execute read

7ff654415000

page execute read

7ff654415000

page execute read

7ff654415000

page execute read

7ff654415000

page execute read

7ff654455000

page read and write

7ff6da05b000

page read and write

7ff6daf02000

page read and write

5574f0c0d000

page execute and read and write

5574eec0f000

page read and write

7ff6daf02000

page read and write

7ff6d4021000

page read and write

7ff654455000

page read and write

5574f0c0d000

page execute and read and write

5574f0c24000

page read and write

7ff6dab21000

page read and write

7ff6d4021000

page read and write

7ff65445a000

page read and write

7ff6da871000

page read and write

7ff654458000

page read and write

5574f0c0d000

page execute and read and write

5574eec0f000

page read and write

5574eec05000

page read and write

7ff6da863000

page read and write

7ff654455000

page read and write

7ff6daee5000

page read and write

7ff6d4000000

page read and write

5574f0c24000

page read and write

7ff6db545000

page read and write

7ff6da871000

page read and write

5574f0eea000

page read and write

7ffd58810000

page read and write

7ff6db53d000

page read and write

7ff6d4021000

page read and write

7ff6db53d000

page read and write

7ff6db58a000

page read and write

7ff65445a000

page read and write

7ff6da863000

page read and write

7ff6daec2000

page read and write

7ff6daec2000

page read and write

5574f0c0d000

page execute and read and write

5574f0eea000

page read and write

7ff6db58a000

page read and write

7ff6daf02000

page read and write

5574f0c24000

page read and write

7ff6db53d000

page read and write

7ff6d4000000

page read and write

5574ee97d000

page execute read

7ff654458000

page read and write

5574f0c24000

page read and write

7ff6db545000

page read and write

7ff654455000

page read and write

7ffd58986000

page execute read

7ff6da05b000

page read and write

7ff6db545000

page read and write

7ff6da871000

page read and write

5574ee97d000

page execute read

7ff6dab21000

page read and write

7ff6db233000

page read and write

7ff6dab21000

page read and write

5574eec05000

page read and write

5574f0f0a000

page read and write

5574f0eea000

page read and write

5574ee97d000

page execute read

7ff6db233000

page read and write

5574eec0f000

page read and write

7ff6db233000

page read and write

5574f0c0d000

page execute and read and write

7ffd58810000

page read and write

5574ee97d000

page execute read

7ff6da871000

page read and write

7ff6db233000

page read and write

7ff6db545000

page read and write

7ff654458000

page read and write

7ff6d4000000

page read and write

7ff6daee5000

page read and write

7ff6db53d000

page read and write

7ff6daee5000

page read and write

7ff6db53d000

page read and write

7ff6db414000

page read and write

7ffd58810000

page read and write

5574eec05000

page read and write

7ff6da871000

page read and write

7ff6da863000

page read and write

7ffd58986000

page execute read

7ff6db58a000

page read and write

7ffd58986000

page execute read

7ff6dab21000

page read and write

5574eec0f000

page read and write

7ff6daec2000

page read and write

5574f0f0a000

page read and write

7ff6db545000

page read and write

7ff6da05b000

page read and write

7ff654455000

page read and write

5574eec0f000

page read and write

7ff6db53d000

page read and write

7ff6d4000000

page read and write

5574f0c24000

page read and write

7ff6daf02000

page read and write

7ff6db58a000

page read and write

5574f0c0d000

page execute and read and write

7ff6da863000

page read and write

7ff6db414000

page read and write

7ff6db414000

page read and write

7ff6daec2000

page read and write

7ff6da05b000

page read and write

5574eec0f000

page read and write

7ff6d4021000

page read and write

5574ee97d000

page execute read

7ff6da05b000

page read and write

7ff6db414000

page read and write

7ff6daee5000

page read and write

7ff6da871000

page read and write

7ff6daee5000

page read and write

7ff6db414000

page read and write

7ff6d4021000

page read and write

5574f0eea000

page read and write

7ff654458000

page read and write

5574eec05000

page read and write

5574eec05000

page read and write

7ff6dab21000

page read and write

7ffd58810000

page read and write

7ff6db414000

page read and write

7ff654455000

page read and write

7ff654458000

page read and write

7ff6d4021000

page read and write

5574f0c24000

page read and write

7ffd58810000

page read and write

7ffd58986000

page execute read

7ff6daf02000

page read and write

7ffd58986000

page execute read

7ff6d4000000

page read and write

7ff6da863000

page read and write

7ff6daec2000

page read and write

7ff6db58a000

page read and write

7ffd58810000

page read and write

7ff6da05b000

page read and write

7ff6db233000

page read and write

7ff6daec2000

page read and write

7ff654458000

page read and write

7ff6daee5000

page read and write

5574eec05000

page read and write

5574f0eea000

page read and write

7ff6db233000

page read and write

7ffd58986000

page execute read

7ff6dab21000

page read and write

7ff6da863000

page read and write

7ff6db58a000

page read and write

7ff6db545000

page read and write

5574ee97d000

page execute read

5574f0eea000

page read and write

7ff6d4000000

page read and write

7ff6daf02000

page read and write

There are 144 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf