Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

/tmp/na.elf

/usr/lib/systemd/systemd

/usr/bin/dbus-daemon

/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

/usr/lib/systemd/systemd

/usr/bin/pulseaudio

/usr/bin/pulseaudio --daemonize=no --log-target=journal

/usr/lib/systemd/systemd

/usr/sbin/rsyslogd

/usr/sbin/rsyslogd -n -iNONE

/usr/libexec/gvfsd-fuse

/bin/fusermount

fusermount -u -q -z -- /run/user/1000/gvfs

/usr/lib/systemd/systemd

/lib/systemd/systemd-logind

/usr/lib/systemd/systemd

/usr/libexec/rtkit-daemon

/usr/lib/systemd/systemd

/usr/lib/policykit-1/polkitd

/usr/lib/policykit-1/polkitd --no-debug

/usr/lib/systemd/systemd

/sbin/agetty

/sbin/agetty -o "-p -- \\u" --noclear tty2 linux

/usr/sbin/gdm3

/etc/gdm3/PrimeOff/Default

/usr/sbin/gdm3

/etc/gdm3/PrimeOff/Default

/usr/sbin/gdm3

/etc/gdm3/PrimeOff/Default

/usr/lib/systemd/systemd

/usr/bin/gpu-manager

/usr/bin/gpu-manager --log /var/log/gpu-manager.log

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

/usr/bin/gpu-manager

/bin/sh

sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"

/bin/sh

/usr/bin/grep

grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

/usr/lib/systemd/systemd

/usr/bin/dbus-daemon

/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

/usr/lib/systemd/systemd

/usr/share/gdm/generate-config

/usr/bin/pkill

pkill --signal HUP --uid gdm dconf-service

/usr/lib/systemd/systemd

/usr/lib/gdm3/gdm-wait-for-drm

/usr/lib/systemd/systemd

/usr/sbin/gdm3

/usr/bin/plymouth

plymouth --ping

/usr/sbin/gdm3

/usr/lib/gdm3/gdm-session-worker

"gdm-session-worker [pam/gdm-launch-environment]"

/usr/lib/gdm3/gdm-session-worker

/usr/lib/gdm3/gdm-wayland-session

/usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"

/usr/lib/gdm3/gdm-wayland-session

/usr/bin/dbus-run-session

dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart

/usr/bin/dbus-run-session

/usr/bin/dbus-daemon

dbus-daemon --nofork --print-address 4 --session

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-run-session

/usr/bin/gnome-session

gnome-session --autostart /usr/share/gdm/greeter/autostart

/usr/libexec/gnome-session-binary

/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart

/usr/libexec/gnome-session-binary

/usr/bin/session-migration

session-migration

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell

/usr/bin/gnome-shell

/usr/sbin/gdm3

/usr/lib/gdm3/gdm-session-worker

"gdm-session-worker [pam/gdm-launch-environment]"

/usr/lib/gdm3/gdm-session-worker

/usr/lib/gdm3/gdm-x-session

/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"

/usr/lib/gdm3/gdm-x-session

/usr/bin/Xorg

/usr/bin/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3

/usr/lib/xorg/Xorg.wrap

/usr/lib/xorg/Xorg.wrap vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3

/usr/lib/xorg/Xorg

/usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/127/gdm/Xauthority -background none -noreset -keeptty -verbose 3

/usr/lib/xorg/Xorg

/bin/sh

sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""

/bin/sh

/usr/bin/xkbcomp

/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm

/usr/lib/xorg/Xorg

/bin/sh

/usr/bin/xkbcomp

/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm

/usr/lib/gdm3/gdm-x-session

/etc/gdm3/Prime/Default

/usr/lib/gdm3/gdm-x-session

/usr/bin/dbus-run-session

dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart

/usr/bin/dbus-run-session

/usr/bin/dbus-daemon

dbus-daemon --nofork --print-address 4 --session

/usr/bin/dbus-daemon

/usr/libexec/at-spi-bus-launcher

/usr/bin/dbus-daemon

/usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3

/usr/bin/dbus-daemon

/usr/libexec/at-spi2-registryd

/usr/libexec/at-spi2-registryd --use-gnome-session

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-daemon

/usr/libexec/ibus-portal

/usr/bin/dbus-daemon

/usr/bin/gjs

/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications

/usr/bin/dbus-daemon

/bin/false

/usr/bin/dbus-run-session

/usr/bin/gnome-session

gnome-session --autostart /usr/share/gdm/greeter/autostart

/usr/libexec/gnome-session-binary

/usr/libexec/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart

/usr/libexec/gnome-session-binary

/usr/libexec/gnome-session-check-accelerated

/usr/libexec/gnome-session-check-accelerated-gl-helper

/usr/libexec/gnome-session-check-accelerated-gl-helper --print-renderer

/usr/libexec/gnome-session-check-accelerated

/usr/libexec/gnome-session-check-accelerated-gles-helper

/usr/libexec/gnome-session-check-accelerated-gles-helper --print-renderer

/usr/libexec/gnome-session-binary

/usr/bin/session-migration

session-migration

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell

/usr/bin/gnome-shell

/usr/bin/ibus-daemon

ibus-daemon --panel disable --xim

/usr/bin/ibus-daemon

/usr/libexec/ibus-memconf

/usr/bin/ibus-daemon

/usr/libexec/ibus-x11

/usr/libexec/ibus-x11 --kill-daemon

/usr/bin/ibus-daemon

/usr/libexec/ibus-engine-simple

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing

/usr/libexec/gsd-sharing

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom

/usr/libexec/gsd-wacom

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color

/usr/libexec/gsd-color

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard

/usr/libexec/gsd-keyboard

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications

/usr/libexec/gsd-print-notifications

/usr/libexec/gsd-printer

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill

/usr/libexec/gsd-rfkill

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard

/usr/libexec/gsd-smartcard

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime

/usr/libexec/gsd-datetime

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys

/usr/libexec/gsd-media-keys

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy

/usr/libexec/gsd-screensaver-proxy

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound

/usr/libexec/gsd-sound

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings

/usr/libexec/gsd-a11y-settings

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping

/usr/libexec/gsd-housekeeping

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power

/usr/libexec/gsd-power

/usr/libexec/gnome-session-binary

/bin/sh

/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/spice-vdagent

/usr/bin/spice-vdagent

/usr/sbin/gdm3

/etc/gdm3/PrimeOff/Default

/usr/sbin/gdm3

/etc/gdm3/PrimeOff/Default

/usr/lib/systemd/systemd

/usr/lib/accountsservice/accounts-daemon

/usr/share/language-tools/language-validate

/usr/share/language-tools/language-validate en_US.UTF-8

/usr/share/language-tools/language-validate

/usr/share/language-tools/language-options

/bin/sh

sh -c "locale -a | grep -F .utf8 "

/bin/sh

/usr/bin/locale

locale -a

/bin/sh

/usr/bin/grep

grep -F .utf8

/usr/lib/systemd/systemd

/usr/bin/dbus-daemon

/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

/usr/lib/systemd/systemd

/lib/systemd/systemd-localed

/usr/lib/systemd/systemd

/usr/lib/upower/upowerd

/usr/lib/systemd/systemd

/usr/bin/pulseaudio

/usr/bin/pulseaudio --daemonize=no --log-target=journal

/usr/lib/systemd/systemd

/usr/libexec/geoclue

/usr/lib/systemd/systemd

/sbin/wpa_supplicant

/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant

/usr/lib/systemd/systemd

/usr/sbin/avahi-daemon

/usr/sbin/avahi-daemon -s

/usr/sbin/avahi-daemon

/usr/lib/systemd/systemd

/usr/lib/packagekit/packagekitd

/usr/bin/dpkg

/usr/bin/dpkg --print-foreign-architectures

/usr/lib/systemd/systemd

/lib/systemd/systemd-hostnamed

/usr/lib/systemd/systemd

/usr/sbin/ModemManager

/usr/sbin/ModemManager --filter-policy=strict

/usr/lib/systemd/systemd

/usr/libexec/colord

/usr/libexec/colord-sane

/usr/lib/systemd/systemd

/lib/systemd/systemd-localed

There are 280 hidden processes, click here to show them.

URLs

Name

Malicious

https://www.rsyslog.com

unknown

http://wiki.x.org

unknown

http://www.ubuntu.com/support)

unknown

Domains

Name

Malicious

byte-mirai.kro.kr

154.216.20.119

Details

Name:	byte-mirai.kro.kr
IP:	154.216.20.119
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Found strings indicative of a multi-platform dropper	Spreading	Scripting
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable	System Summary
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

41.148.196.219

unknown

South Africa

17.57.22.235

unknown

United States

178.60.249.95

unknown

Spain

77.109.157.82

unknown

Switzerland

212.20.44.120

unknown

Russian Federation

94.85.243.59

unknown

Italy

90.247.48.210

unknown

United Kingdom

171.95.134.236

unknown

China

95.215.48.36

unknown

Ukraine

194.144.71.98

unknown

Iceland

81.6.26.135

unknown

Switzerland

142.92.161.138

unknown

Canada

49.10.66.205

unknown

Korea Republic of

116.133.62.126

unknown

China

37.35.209.238

unknown

Spain

148.56.211.24

unknown

Spain

75.79.174.91

unknown

United States

38.96.119.2

unknown

United States

189.181.178.45

unknown

Mexico

54.26.137.102

unknown

United States

141.1.252.120

unknown

Germany

75.177.252.217

unknown

United States

106.114.111.80

unknown

China

48.220.92.172

unknown

United States

97.99.35.251

unknown

United States

188.144.124.72

unknown

Germany

41.108.48.173

unknown

Algeria

4.207.166.220

unknown

United States

132.147.54.114

unknown

United States

46.111.236.27

unknown

Russian Federation

48.49.26.125

unknown

United States

109.219.227.122

unknown

France

39.157.9.123

unknown

China

110.152.176.180

unknown

China

221.120.41.222

unknown

Taiwan; Republic of China (ROC)

90.74.177.140

unknown

France

145.225.99.177

unknown

Germany

170.234.84.201

unknown

United States

77.198.164.103

unknown

France

154.55.185.244

unknown

United States

70.66.252.68

unknown

Canada

199.119.115.238

unknown

United States

122.208.229.28

unknown

Japan

146.181.14.108

unknown

United States

81.113.214.164

unknown

Italy

139.64.243.11

unknown

Reserved

92.154.45.111

unknown

France

20.67.73.45

unknown

United States

67.241.131.123

unknown

United States

87.248.145.178

unknown

Iran (ISLAMIC Republic Of)

49.105.53.152

unknown

Japan

175.146.218.189

unknown

China

206.163.104.103

unknown

United States

52.22.221.201

unknown

United States

160.76.36.209

unknown

United States

81.48.2.215

unknown

France

32.201.63.95

unknown

United States

140.146.53.131

unknown

United States

140.135.223.90

unknown

Taiwan; Republic of China (ROC)

80.196.122.122

unknown

Denmark

71.22.162.223

unknown

United States

49.200.247.241

unknown

India

174.5.6.59

unknown

Canada

221.163.247.124

unknown

Korea Republic of

84.82.104.191

unknown

Netherlands

180.68.127.138

unknown

Korea Republic of

173.139.22.69

unknown

United States

223.66.110.150

unknown

China

81.59.219.35

unknown

Belgium

166.75.222.194

unknown

Chile

212.201.98.74

unknown

Germany

176.136.223.224

unknown

France

36.114.86.25

unknown

China

202.114.81.199

unknown

China

159.7.232.162

unknown

Sweden

59.108.216.166

unknown

China

101.63.232.190

unknown

Italy

211.141.188.88

unknown

China

37.149.75.37

unknown

Cyprus

89.206.103.220

unknown

Switzerland

142.220.72.254

unknown

Canada

196.233.130.48

unknown

Tunisia

165.204.55.254

unknown

United States

155.154.166.83

unknown

United States

4.131.82.80

unknown

United States

61.235.149.98

unknown

China

83.118.208.212

unknown

France

126.139.28.45

unknown

Japan

69.233.21.178

unknown

United States

113.236.166.136

unknown

China

172.147.112.158

unknown

United States

137.61.4.24

unknown

Sweden

128.153.194.132

unknown

United States

85.43.219.86

unknown

Italy

184.226.66.6

unknown

United States

153.196.225.114

unknown

Japan

69.222.230.189

unknown

United States

161.153.47.58

unknown

United States

46.204.222.204

unknown

Poland

190.20.195.197

unknown

Chile

There are 90 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7fb3dc027000

page execute read

7fb3dc027000

page execute read

7fb3dc027000

page execute read

7fb3dc027000

page execute read

7fb3dc027000

page execute read

7fb3dc027000

page execute read

7fb4e3c52000

page read and write

7fb3dc02b000

page read and write

56524151d000

page read and write

56524492b000

page read and write

7fb4e3948000

page read and write

7fb4e35fa000

page read and write

7fb4e3c76000

page read and write

7fb4e3948000

page read and write

56524494c000

page read and write

7fb4e35fa000

page read and write

7fb3dc028000

page read and write

7fb4dc021000

page read and write

56524351b000

page execute and read and write

565241514000

page read and write

7fb4dbfff000

page read and write

7ffdca135000

page read and write

56524492b000

page read and write

5652412c3000

page execute read

7fb4e3cbb000

page read and write

7fb4e3766000

page read and write

7ffdca19b000

page execute read

7fb3dc028000

page read and write

7fb4e3c52000

page read and write

7fb4e35d7000

page read and write

7fb3dc028000

page read and write

56524151d000

page read and write

565241514000

page read and write

7fb4e3c76000

page read and write

7fb3dc02b000

page read and write

7fb4e3766000

page read and write

7fb4e35fa000

page read and write

7fb4e300a000

page read and write

7fb3dc02b000

page read and write

7fb4dbfff000

page read and write

7fb3dc02b000

page read and write

7ffdca19b000

page execute read

7fb4e3c52000

page read and write

7fb4e300a000

page read and write

7ffdca19b000

page execute read

7fb4e336c000

page read and write

56524151d000

page read and write

7fb4e336c000

page read and write

7fb4e3c52000

page read and write

7fb4e336c000

page read and write

7fb4e2f78000

page read and write

7fb4e3b29000

page read and write

5652412c3000

page execute read

7fb4e3948000

page read and write

7fb4dc021000

page read and write

5652412c3000

page execute read

7fb4e2f78000

page read and write

56524351b000

page execute and read and write

56524351b000

page execute and read and write

7ffdca135000

page read and write

7fb4e35fa000

page read and write

7fb4e2f78000

page read and write

7fb4e3cbb000

page read and write

56524351b000

page execute and read and write

7fb4dc021000

page read and write

7fb4e3b29000

page read and write

7fb4e336c000

page read and write

565243532000

page read and write

7fb4e3c52000

page read and write

7fb4e35fa000

page read and write

7fb4e2770000

page read and write

7fb4e3c76000

page read and write

7ffdca19b000

page execute read

7fb4e3c52000

page read and write

7fb4e3766000

page read and write

7fb4e3b29000

page read and write

7ffdca135000

page read and write

5652412c3000

page execute read

7fb4e2f78000

page read and write

7fb4dbfff000

page read and write

7fb4e3766000

page read and write

56524494c000

page read and write

7fb4e3948000

page read and write

7fb4e300a000

page read and write

7ffdca135000

page read and write

7ffdca19b000

page execute read

7fb4e2770000

page read and write

56524151d000

page read and write

7fb3dc028000

page read and write

7fb4dbfff000

page read and write

7fb3dc02d000

page read and write

7fb4dbfff000

page read and write

7fb4e3cbb000

page read and write

7fb4e2770000

page read and write

7fb4e3766000

page read and write

7fb4e2770000

page read and write

7fb3dc028000

page read and write

7fb4e2770000

page read and write

7fb4e35d7000

page read and write

7fb3dc02b000

page read and write

7fb4e3948000

page read and write

7fb3dc02b000

page read and write

7fb4e300a000

page read and write

56524492b000

page read and write

7ffdca135000

page read and write

7fb4e3948000

page read and write

565241514000

page read and write

7fb4e3b29000

page read and write

565241514000

page read and write

7fb4e2f78000

page read and write

7ffdca19b000

page execute read

7fb4e35d7000

page read and write

7fb4dc021000

page read and write

565241514000

page read and write

7fb4e3cbb000

page read and write

7fb4e35fa000

page read and write

7fb4e3b29000

page read and write

7fb4e3cbb000

page read and write

7fb3dc028000

page read and write

565241514000

page read and write

5652412c3000

page execute read

7fb4e2770000

page read and write

56524492b000

page read and write

7fb4dbfff000

page read and write

7fb4e2f78000

page read and write

7fb4e3cbb000

page read and write

7fb3dc02d000

page read and write

7fb4e336c000

page read and write

7fb4dc021000

page read and write

7fb4e3b29000

page read and write

565243532000

page read and write

7fb4e3c76000

page read and write

7fb4e300a000

page read and write

7fb4e35d7000

page read and write

56524351b000

page execute and read and write

7fb4e3c76000

page read and write

56524492b000

page read and write

7fb4dc021000

page read and write

7fb4e336c000

page read and write

565243532000

page read and write

7fb4e35d7000

page read and write

565243532000

page read and write

56524351b000

page execute and read and write

565243532000

page read and write

56524151d000

page read and write

56524151d000

page read and write

7fb4e35d7000

page read and write

7fb4e3c76000

page read and write

7ffdca135000

page read and write

56524492b000

page read and write

7fb4e300a000

page read and write

7fb4e3766000

page read and write

5652412c3000

page execute read

565243532000

page read and write

There are 144 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf