Analysis Overview
SHA256
09e563ee72e2242d9f2e67d402ffe5b1f480134dd34fe8fd05930a90c1fc11ab
Threat Level: Shows suspicious behavior
The file i686.elf shows suspicious behavior.
Malicious Activity Summary
Renames itself
Checks hardware identifiers (DMI)
Creates/modifies Cron job
Reads hardware information
Enumerates running processes
Reads MAC address of network interface
Checks CPU configuration
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-03 05:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-03 05:28
Reported
2025-07-03 05:30
Platform
ubuntu2204-amd64-20250619-en
Max time kernel
149s
Max time network
144s
Command Line
Signatures
Renames itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks hardware identifiers (DMI)
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | /root/.sys/configuration | N/A |
| File opened for reading | /sys/class/dmi/id/board_vendor | /root/.sys/configuration | N/A |
Creates/modifies Cron job
| Description | Indicator | Process | Target |
| File opened for modification | /var/spool/cron/crontabs/tmp.sHn8ys | /usr/bin/crontab | N/A |
Enumerates running processes
Reads MAC address of network interface
| Description | Indicator | Process | Target |
| File opened for reading | /sys/class/net/ens3/address | /root/.sys/configuration | N/A |
Reads hardware information
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/virtual/dmi/id/product_uuid | /root/.sys/configuration | N/A |
| File opened for reading | /sys/class/dmi/id/board_name | /root/.sys/configuration | N/A |
| File opened for reading | /sys/class/dmi/id/product_uuid | /root/.sys/configuration | N/A |
| File opened for reading | /sys/devices/virtual/dmi/id/board_name | /root/.sys/configuration | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /root/.sys/configuration | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/class/net | /root/.sys/configuration | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/887/cmdline | /root/.sys/configuration | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/root1086f3d | /root/.sys/configuration | N/A |
Processes
/usr/bin/crontab
[crontab -l]
/usr/bin/crontab
[crontab -]
/usr/bin/crontab
[crontab -l]
/root/.sys/configuration
[/tmp/i686.elf]
Network
Files
/var/spool/cron/crontabs/tmp.sHn8ys
| MD5 | 759a652ed7e7a97a0f00299c595b3d72 |
| SHA1 | 91c3f7e58a12b98f839aad238a68bc23860eac23 |
| SHA256 | d215568de167b4417ddd3d68c65cc53e4d834afe175e35926b2ca8be376a72da |
| SHA512 | af28c7930bfe2f0fb2798b70d9f9b507ca53eafc2f1e58b4ec397915a78158f6f5494a9e90998a1fbd7a5d91c12599b92f2fb49068097fc91d8ce583260090cd |
memory/1570-1-0x0000000008048000-0x0000000008152570-memory.dmp